Null-dereference READ in blink::Frame::GetPage
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5553410337406976

Fuzzer: inferno_layout_test_unmodified
Job Type: mac_asan_content_shell
Platform Id: mac

Crash Type: Null-dereference READ
Crash Address: 0x000000000020
Crash State:
  blink::Frame::GetPage
  blink::NavigatorVR::NavigatorVR
  blink::NavigatorVR::From

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=mac_asan_content_shell&range=502656:502703

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5553410337406976

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Sep 20 2017
Predator could not provide any possible suspects.

Using CL Search for the file "NavigatorVR.cpp", assigning to the concerned owner who might be related or have worked on a similar file.

Suspect CL: https://chromium.googlesource.com/chromium/src/+/2a63db5f510828de8e371fd1f3836d8463d20b89

bajones@ -- Could you please look into the issue, and kindly re-assign if this is not related to your changes.

Thank you.
Sep 27 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/bdb88e9cdf49ab7d656c475e9c114d2bf78bb4b6

commit bdb88e9cdf49ab7d656c475e9c114d2bf78bb4b6
Author: Anna Maria <offenwanger@chromium.org>
Date: Wed Sep 27 22:08:25 2017

Fix null-dereference when VR navigator is detached

Added in a nullptr check for when the navigator has a detached window.

Bug: 766498
Change-Id: Ia103761f3673b518428f9e34f6b7082d952b3407
Reviewed-on: https://chromium-review.googlesource.com/685818
Reviewed-by: Brandon Jones <bajones@chromium.org>
Commit-Queue: Anna Maria <offenwanger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#504780}

[add] https://crrev.com/bdb88e9cdf49ab7d656c475e9c114d2bf78bb4b6/third_party/WebKit/LayoutTests/vr/latest/navigator_vr_early_detached.html
[modify] https://crrev.com/bdb88e9cdf49ab7d656c475e9c114d2bf78bb4b6/third_party/WebKit/Source/modules/vr/NavigatorVR.cpp
Sep 28 2017
ClusterFuzz has detected this issue as fixed in range 504724:504793.

Detailed report: https://clusterfuzz.com/testcase?key=5553410337406976

Fuzzer: inferno_layout_test_unmodified
Job Type: mac_asan_content_shell
Platform Id: mac

Crash Type: Null-dereference READ
Crash Address: 0x000000000020
Crash State:
  blink::Frame::GetPage
  blink::NavigatorVR::NavigatorVR
  blink::NavigatorVR::From

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=mac_asan_content_shell&range=502656:502703
Fixed: https://clusterfuzz.com/revisions?job=mac_asan_content_shell&range=504724:504793

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5553410337406976

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Sep 28 2017
ClusterFuzz testcase 5553410337406976 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Sep 19 2017