Null-dereference READ in blink::TaskRunnerHelper::Get
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5923035088683008
Fuzzer: lcamtuf_cross_fuzz
Job Type: windows_asan_chrome
Platform Id: windows
Crash Type: Null-dereference READ
Crash Address: 0x00000000
Crash State:
  blink::TaskRunnerHelper::Get
  blink::TimedCanvasDrawListener::TimedCanvasDrawListener
  blink::TimedCanvasDrawListener::Create
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=windows_asan_chrome&range=502608:502648
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5923035088683008

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
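The ClusterFuzz description is a flat run of "Label: value" fields, and the first thing a triager does with it is split those fields out and decide from Crash Type and Crash Address whether the report belongs in the security queue. The Python below is an added example, not part of this bug or of ClusterFuzz's own tooling: it parses the description text (reproduced from the report above as sample input, alongside a second, constructed report with a use-after-free crash type), extracts the crash-state frames and the regression range, and applies the usual first-pass rule that a null dereference, or any fault landing in the unmapped first page, is a stability bug rather than a security one, while ASan's use-after-free and buffer-overflow types are memory-safety violations. The label list, the 0x1000 near-null threshold, the `parse_report`/`triage`/`regression_window` names and the second sample are this example's assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input: the ClusterFuzz description from the report above, trailing sentence dropped.
SAMPLE_REPORT = (
    "Detailed report: https://clusterfuzz.com/testcase?key=5923035088683008 "
    "Fuzzer: lcamtuf_cross_fuzz Job Type: windows_asan_chrome Platform Id: windows "
    "Crash Type: Null-dereference READ Crash Address: 0x00000000 "
    "Crash State: blink::TaskRunnerHelper::Get "
    "blink::TimedCanvasDrawListener::TimedCanvasDrawListener "
    "blink::TimedCanvasDrawListener::Create "
    "Sanitizer: address (ASAN) "
    "Regressed: https://clusterfuzz.com/revisions?job=windows_asan_chrome&range=502608:502648 "
    "Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5923035088683008"
)
# Constructed second sample (not from the bug): same layout, memory-safety crash type.
SAMPLE_UAF = (
    "Crash Type: Heap-use-after-free READ 8 Crash Address: 0x6130000021f0 "
    "Crash State: a::Frame::Detach a::Frame::~Frame a::Page::Shutdown "
    "Sanitizer: address (ASAN)"
)

# Labels ClusterFuzz uses in the flattened description; a value runs up to the next label.
FIELD_LABELS = [
    "Detailed report", "Fuzzer", "Job Type", "Platform Id", "Crash Type", "Crash Address",
    "Crash State", "Sanitizer", "Regressed", "Fixed", "Reproducer Testcase",
]
# ASan crash types that normally mean an attacker-reachable memory-safety violation.
MEMORY_SAFETY_TYPES = (
    "Heap-buffer-overflow", "Heap-use-after-free", "Use-after-free", "Stack-buffer-overflow",
    "Global-buffer-overflow", "Heap-double-free", "Stack-use-after-return",
)
# Assumption: the first page of the address space is unmapped, so a fault below this
# address is a null pointer plus a small field offset, not a readable location.
NEAR_NULL_LIMIT = 0x1000


@dataclass
class CrashReport:
    testcase_id: str
    fuzzer: str
    job_type: str
    crash_type: str
    crash_address: int
    crash_state: List[str]  # stack frames, innermost first
    sanitizer: str
    regressed_range: Optional[Tuple[int, int]]
    fixed_range: Optional[Tuple[int, int]]


def _field(text: str, label: str) -> Optional[str]:
    """Value of 'label: ...' up to the next known label or end of text; None if absent."""
    others = "|".join(re.escape(l) for l in FIELD_LABELS if l != label)
    m = re.search(rf"{re.escape(label)}:\s*(.*?)\s*(?=(?:{others}):|$)", text, re.S)
    return m.group(1).strip() if m else None


def _rev_range(url: Optional[str]) -> Optional[Tuple[int, int]]:
    """start:end revision pair from a ClusterFuzz revisions URL, or None."""
    m = re.search(r"range=(\d+):(\d+)", url or "")
    return (int(m.group(1)), int(m.group(2))) if m else None


def parse_report(text: str) -> CrashReport:
    key = re.search(r"key=(\d+)", _field(text, "Detailed report") or "")
    return CrashReport(
        testcase_id=key.group(1) if key else "",
        fuzzer=_field(text, "Fuzzer") or "",
        job_type=_field(text, "Job Type") or "",
        crash_type=_field(text, "Crash Type") or "",
        crash_address=int(_field(text, "Crash Address") or "0", 16),
        crash_state=(_field(text, "Crash State") or "").split(),
        sanitizer=_field(text, "Sanitizer") or "",
        regressed_range=_rev_range(_field(text, "Regressed")),
        fixed_range=_rev_range(_field(text, "Fixed")),
    )


def triage(report: CrashReport) -> Tuple[str, str]:
    """First-pass label: 'stability' (crash only), 'security' (memory safety) or 'review'."""
    ct = report.crash_type
    if ct.startswith("Null-dereference"):
        return "stability", "null dereference: the access hits an unmapped page"
    if any(ct.startswith(t) for t in MEMORY_SAFETY_TYPES):
        return "security", f"{ct.split()[0]} is a memory-safety violation"
    if report.crash_address < NEAR_NULL_LIMIT:
        return "stability", "near-null address, most likely null pointer plus field offset"
    return "review", "unrecognised crash type, needs a manual look"


def regression_window(report: CrashReport) -> Optional[int]:
    """Revisions the regression range spans, i.e. what a bisect still has to cover."""
    if report.regressed_range is None:
        return None
    return report.regressed_range[1] - report.regressed_range[0]
```

For the report above this yields a `stability` call with `blink::TaskRunnerHelper::Get` as the innermost frame and a 40-revision regression window; the constructed use-after-free sample is routed to `security`. The address check in `triage` is a backstop for reports whose Crash Type is a bare SEGV but whose faulting address still lies in the first page, which is the same null-plus-offset pattern under a different label.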
Sep 26 2017
Test Predator has given the following results:

Make blink::GlobalEventHandlers a static-only class, not a namespace by tkent@chromium.org
Changed files GlobalEventHandlers.h, with the same CrashedDirectory(third_party/WebKit/Source/core/dom) as TaskRunnerHelper.cpp (in frame#0)
Changed files GlobalEventHandlers.h, with the same CrashedComponent(Blink>DOM) as TaskRunnerHelper.cpp (in frame#0)

@tkent -- Could you please look into this issue, and kindly reassign it if it has nothing to do with your changes? Thank you.
Sep 26 2017
> Changed files GlobalEventHandlers.h, with the same CrashedDirectory(third_party/WebKit/Source/core/dom) as TaskRunnerHelper.cpp (in frame#0)

They are completely unrelated. TEs, please just add component:Blink to crashes in the blink:: namespace. The Blink bug rotation will handle issues with component:Blink.
Sep 27 2017
Predator and CL could not provide any possible suspects. Using code search for the file “TaskRunnerHelper.cpp”, assigning to the concerned owner from git blame.

Suspected commit: https://chromium.googlesource.com/chromium/src/+/905a5fd6040cc73a6adaff129faa5bf0b1edfc2a

@nhiroki -- Could you please look into this issue, and kindly reassign it if it has nothing to do with your changes? Thank you.
Sep 27 2017
It looks like the given execution context is null. Let me forward this to the owners of TimedCanvasDrawListener (+emircan@, mcasas@).
Sep 28 2017
ClusterFuzz has detected this issue as fixed in range 504594:504637.

Detailed report: https://clusterfuzz.com/testcase?key=5923035088683008
Fuzzer: lcamtuf_cross_fuzz
Job Type: windows_asan_chrome
Platform Id: windows
Crash Type: Null-dereference READ
Crash Address: 0x00000000
Crash State:
  blink::TaskRunnerHelper::Get
  blink::TimedCanvasDrawListener::TimedCanvasDrawListener
  blink::TimedCanvasDrawListener::Create
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=windows_asan_chrome&range=502608:502648
Fixed: https://clusterfuzz.com/revisions?job=windows_asan_chrome&range=504594:504637
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5923035088683008

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Sep 28 2017
ClusterFuzz testcase 5923035088683008 is verified as fixed, so closing the issue as verified. If this is incorrect, please add the ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Sep 23 2017