Null-dereference READ in blink::Database::GetDatabaseTaskRunner
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6558184952299520
Fuzzer: inferno_layout_test_unmodified
Job Type: windows_asan_chrome
Platform Id: windows
Crash Type: Null-dereference READ
Crash Address: 0x00000014
Crash State:
  blink::Database::GetDatabaseTaskRunner
  blink::ScreenOrientationControllerImpl::UpdateOrientation
  blink::ScreenOrientationControllerImpl::SetOrientation
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=windows_asan_chrome&range=464127:464504
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6558184952299520

Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
Sep 19 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/dc412c92d884336e3165bbb0058d1b791d17bcb5

commit dc412c92d884336e3165bbb0058d1b791d17bcb5
Author: Nate Chapin <japhet@chromium.org>
Date: Tue Sep 19 16:39:44 2017

Install supplements in LocalDOMWindow::InstallNewDocument instead of in DocumentLoader

LocalDOMWindow::InstallNewDocument is called for all Document installations, whereas DocumentLoader::InstallNewDocument is omitted for Documents created by XSLT transforms. Supplements may use a stale ExecutionContext if not updated for all Document installs.

Bug: 765902
Test: fast/xsl/supplements-after-xslt-transform.html
Change-Id: Ic7ce996b16fe319ba01e296f2e935a967fe309ea
Reviewed-on: https://chromium-review.googlesource.com/671465
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Commit-Queue: Nate Chapin <japhet@chromium.org>
Cr-Commit-Position: refs/heads/master@{#502865}

[add] https://crrev.com/dc412c92d884336e3165bbb0058d1b791d17bcb5/third_party/WebKit/LayoutTests/fast/xsl/supplements-after-xslt-transform-expected.txt
[add] https://crrev.com/dc412c92d884336e3165bbb0058d1b791d17bcb5/third_party/WebKit/LayoutTests/fast/xsl/supplements-after-xslt-transform.html
[modify] https://crrev.com/dc412c92d884336e3165bbb0058d1b791d17bcb5/third_party/WebKit/Source/core/frame/LocalDOMWindow.cpp
[modify] https://crrev.com/dc412c92d884336e3165bbb0058d1b791d17bcb5/third_party/WebKit/Source/core/loader/DocumentLoader.cpp
Sep 20 2017
ClusterFuzz has detected this issue as fixed in range 502858:502881.

Detailed report: https://clusterfuzz.com/testcase?key=6558184952299520
Fuzzer: inferno_layout_test_unmodified
Job Type: windows_asan_chrome
Platform Id: windows
Crash Type: Null-dereference READ
Crash Address: 0x00000014
Crash State:
  blink::Database::GetDatabaseTaskRunner
  blink::ScreenOrientationControllerImpl::UpdateOrientation
  blink::ScreenOrientationControllerImpl::SetOrientation
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=windows_asan_chrome&range=464127:464504
Fixed: https://clusterfuzz.com/revisions?job=windows_asan_chrome&range=502858:502881
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6558184952299520

See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Sep 20 2017
ClusterFuzz testcase 6558184952299520 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by kkaluri@chromium.org, Sep 18 2017
Components: Blink>ScreenOrientation
Labels: M-63 Test-Predator-Wrong
Owner: japhet@chromium.org
Status: Assigned (was: Untriaged)