
Issue 757189

Starred by 1 user

Issue metadata

Status: WontFix
Owner:
Closed: Nov 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug




Null-dereference in content::BlinkTestController::OnLayoutTestRuntimeFlagsChanged

Project Member Reported by ClusterFuzz, Aug 19 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5388534080077824

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_ubsan_vptr_content_shell_drt
Platform Id: linux

Crash Type: Null-dereference
Crash Address: 0x000000000000
Crash State:
  content::BlinkTestController::OnLayoutTestRuntimeFlagsChanged
  _ZN3IPC8MessageTI52LayoutTestHostMsg_LayoutTestRuntimeFlagsChanged_MetaNSt3__15t
  content::LayoutTestMessageFilter::OnMessageReceived
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_content_shell_drt&range=495811:495812

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5388534080077824

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
 
Cc: msrchandra@chromium.org
Labels: Test-Predator-Wrong
Owner: tansell@chromium.org
Status: Assigned (was: Untriaged)
Predator could not provide any possible suspects.
Assigning to the concern owner from CL --
https://chromium.googlesource.com/chromium/src/+log/8c593c51be7804e3135e37e06dfb0106ee0cbdb3..878083f484afea64e664958535e3b8af05ff0fb3?pretty=fuller&n=10000

@tansell -- Could you please look into the issue, and kindly re-assign if this is not related to your changes.
Thank You.

Comment 2 by tansell@google.com, Sep 12 2017

Cc: -msrchandra@chromium.org
Owner: msrchandra@chromium.org
This is definitely in no way related to my change?

My change is just changing the TestExpectations for LayoutTests -- a plain text file which is used to determine what tests are okay to fail...

Did you happen to get the wrong CLs?
Cc: msrchandra@chromium.org
Components: Blink>Layout
Owner: jsb...@chromium.org
Using Code Search for the file, "OnLayoutTestRuntimeFlagsChanged" assigning to the concern owner.

Suspecting Commit#
https://chromium.googlesource.com/chromium/src/+/607cb1475d625041f23200d3002c448e06239570

@jsbell -- Could you please look into the issue, and kindly re-assign if this is not related to your changes.
Thank You.

Comment 4 by jsb...@chromium.org, Sep 19 2017

Hrm, I just added a DCHECK to make sure the message was happening on the right thread. So likely not my change. But I'm not finding any likely candidates either. No luck bisecting?

Comment 5 by e...@chromium.org, Sep 28 2017

Components: -Blink>Layout Blink>Infra
Test-only crash in BlinkTestController.

Comment 6 by ClusterFuzz, Nov 13 2017

Status: WontFix (was: Assigned)
ClusterFuzz testcase 5388534080077824 is flaky and no longer crashes, so closing issue.

If this is incorrect, please add the ClusterFuzz-Wrong label and re-open the issue.
