Null-dereference READ in blink::AudioNode::Handler
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5208685378011136
Fuzzer: inferno_twister
Job Type: mac_asan_content_shell
Platform Id: mac
Crash Type: Null-dereference READ
Crash Address: 0x000000000058
Crash State:
  blink::AudioNode::Handler
  blink::AudioDestinationNode::GetAudioDestinationHandler
  blink::OfflineAudioContext::FireCompletionEvent
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=mac_asan_content_shell&range=491005:491007
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5208685378011136

Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
Aug 2 2017
Predator could not provide any possible suspects. Assigning to concern owner from the CL -- https://chromium.googlesource.com/chromium/src/+log/3e9cc4ae40411ece9f938db3f6c2875581a47960..cfab3ada781b1dcd673fb256bc02354d24124f1e?pretty=fuller
Suspecting Commit# https://chromium.googlesource.com/chromium/src/+/43f4d76865609abf431fc26a64b2ba776daf2bbb
@rtoy -- Could you please look into the issue, kindly re-assign if this is not related to your changes. Thank You.
Aug 2 2017

Aug 2 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/d0458173d163380c6a1606943c94720511c3e694

commit d0458173d163380c6a1606943c94720511c3e694
Author: Raymond Toy <rtoy@chromium.org>
Date: Wed Aug 02 22:19:14 2017

Access the rendered buffer only if the document exists

When firing the completion event make sure the document exists before we try to get the rendered buffer that needs to be returned.

Bug: 751377
Change-Id: Id956f5a287b6b91b7bad04d85b6c8f3c32c9470d
Reviewed-on: https://chromium-review.googlesource.com/598727
Reviewed-by: Hongchan Choi <hongchan@chromium.org>
Commit-Queue: Hongchan Choi <hongchan@chromium.org>
Commit-Queue: Raymond Toy <rtoy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#491527}

[modify] https://crrev.com/d0458173d163380c6a1606943c94720511c3e694/third_party/WebKit/Source/modules/webaudio/OfflineAudioContext.cpp
Aug 3 2017
ClusterFuzz has detected this issue as fixed in range 491480:491565.

Detailed report: https://clusterfuzz.com/testcase?key=5208685378011136
Fuzzer: inferno_twister
Job Type: mac_asan_content_shell
Platform Id: mac
Crash Type: Null-dereference READ
Crash Address: 0x000000000058
Crash State:
  blink::AudioNode::Handler
  blink::AudioDestinationNode::GetAudioDestinationHandler
  blink::OfflineAudioContext::FireCompletionEvent
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=mac_asan_content_shell&range=491005:491007
Fixed: https://clusterfuzz.com/revisions?job=mac_asan_content_shell&range=491480:491565
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5208685378011136

See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Aug 3 2017
ClusterFuzz testcase 5208685378011136 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Aug 2 2017