Null-dereference READ in blink::ExecutionContext::Url |
||||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=6080292384407552 Fuzzer: lcamtuf_cross_fuzz Job Type: windows_asan_chrome_no_sandbox Platform Id: windows Crash Type: Null-dereference READ Crash Address: 0x00000000 Crash State: blink::ExecutionContext::Url blink::NetworkInformation::GetRandomMultiplier blink::NetworkInformation::downlink Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_no_sandbox&range=494860:494916 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6080292384407552 Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
,
Aug 17 2017
Predator and CL could not provide any possible suspects. Using Code Search for the file, "ExecutionContext.cpp" assigning to concern owner. Suspecting Commit# https://chromium.googlesource.com/chromium/src/+/0d68a512e634d31dce7d71a71b4c867bf647ccf1 @yukishiino -- Could you please look into the issue, kindly re-assign if this is not related to your changes. Thank You.
,
Aug 18 2017
tbansal@, could you take a look? If you're not one of the right owners of NetworkInformation, could you reroute this issue to the right owners? At a glance, it seems like that NetworkInformation is accessing an ExecutionContext without checking if it's still available (non-null) or not. In general, an ExecutionContext can be discarded at some point, so you should check if it's still available or not before its use.
,
Aug 18 2017
,
Aug 18 2017
,
Aug 18 2017
,
Aug 18 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/46e5295e9220f082b0c395b48ded7aea42bb12c7 commit 46e5295e9220f082b0c395b48ded7aea42bb12c7 Author: Tarun Bansal <tbansal@chromium.org> Date: Fri Aug 18 16:37:57 2017 Check if GetExecutionContext is null in NetInfo API Bug: 756363 Change-Id: Idcbdc4e59a311b5ab7bbfd9b67c1eb78f1a661bc Reviewed-on: https://chromium-review.googlesource.com/620906 Reviewed-by: Kentaro Hara <haraken@chromium.org> Commit-Queue: Tarun Bansal <tbansal@chromium.org> Cr-Commit-Position: refs/heads/master@{#495578} [modify] https://crrev.com/46e5295e9220f082b0c395b48ded7aea42bb12c7/third_party/WebKit/Source/modules/netinfo/NetworkInformation.cpp
,
Aug 18 2017
,
Aug 19 2017
ClusterFuzz has detected this issue as fixed in range 495542:495750. Detailed report: https://clusterfuzz.com/testcase?key=6080292384407552 Fuzzer: lcamtuf_cross_fuzz Job Type: windows_asan_chrome_no_sandbox Platform Id: windows Crash Type: Null-dereference READ Crash Address: 0x00000000 Crash State: blink::ExecutionContext::Url blink::NetworkInformation::GetRandomMultiplier blink::NetworkInformation::downlink Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_no_sandbox&range=494860:494916 Fixed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_no_sandbox&range=495542:495750 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6080292384407552 See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Aug 19 2017
ClusterFuzz testcase 6080292384407552 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Aug 25 2017
ClusterFuzz testcase 4698420211351552 is still reproducing on tip-of-tree build (trunk). Please re-test your fix against this testcase and if the fix was incorrect or incomplete, please re-open the bug. Otherwise, ignore this notification and add ClusterFuzz-Wrong label. |
||||||||
►
Sign in to add a comment |
||||||||
Comment 1 by ClusterFuzz
, Aug 17 2017