Bad-cast to blink::WebView from invalid vptr; test_runner::TestRunnerForSpecificView::Reset; test_runner::WebViewTestProxyBase::Reset
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6486899601702912

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_ubsan_vptr_content_shell_drt
Platform Id: linux

Crash Type: Bad-cast
Crash Address: 0x3207eacb0580
Crash State:
  Bad-cast to blink::WebView from invalid vptr
  test_runner::TestRunnerForSpecificView::Reset
  test_runner::WebViewTestProxyBase::Reset

Sanitizer: undefined (UBSAN)

Recommended Security Severity: High

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_content_shell_drt&range=503010:503025

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6486899601702912

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.

Sep 20 2017
This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it. If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Sep 20 2017
I'm not sure if this is a bug in the test runner itself, or if test runner is triggering a bug that would be reachable from production. There seem to be a lot of test runner bugs in the security triage queue lately.
Sep 21 2017
This is a dupe of issue 739147 (and 3 other identical bugs [1]). I've spent some time looking at issue 739147 and couldn't repro and couldn't figure out next steps... At any rate - as I've said in https://crbug.com/748428#c8 - this is not a product code issue. [1] https://bugs.chromium.org/p/chromium/issues/list?can=1&cursor=chromium%3A740389&q=%22Bad-cast%20to%20blink%3A%3AWebView%20from%20invalid%20vptr%22
Sep 21 2017
#5: Thank you! I kind of figured that'd be the case. mbarbella: Can we get ClusterFuzz to ignore or filter out test_runner things? Does that make sense as a request, is it possible, etc.?
Sep 21 2017
I'm open to suggestions, but having test runner stuff near the top of the stack doesn't necessarily guarantee that the underlying issue will be in test code. That said, it's a pretty good signal, and I'm about to enable automatic component assignment which would have added Test>Layout in this case. Does that seem reasonable for this type of issue, or is there still more that we'd like to have?
Sep 22 2017
#7: Yeah, that sounds good.
Oct 1 2017
Automatically applying components based on information from OWNERS files. If this seems incorrect, please apply the Test-Predator-Wrong-Components label.
Oct 3 2017
Automatic component assignment is enabled and should be working properly now (the issue that caused the buggy update in c#9 is fixed).
Oct 10 2017
ClusterFuzz testcase 6486899601702912 is still reproducing on tip-of-tree build (trunk). Please re-test your fix against this testcase and if the fix was incorrect or incomplete, please re-open the bug. Otherwise, ignore this notification and add ClusterFuzz-Wrong label.
Oct 10 2017
Probably should have duped this rather than mark it as fixed
Jan 10 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by sheriffbot@chromium.org, Sep 20 2017