Null-dereference READ in service_manager::InterfaceProvider::GetInterface
Issue description
Detailed report: https://clusterfuzz.com/testcase?key=6573441867317248
Fuzzer: inferno_layout_test_unmodified
Job Type: windows_asan_content_shell
Platform Id: windows
Crash Type: Null-dereference READ
Crash Address: 0x00000000
Crash State:
  service_manager::InterfaceProvider::GetInterface
  service_manager::InterfaceProvider::GetInterface<network::mojom::blink::Restrict
  blink::GlobalCookieStoreImpl<blink::LocalDOMWindow>::GetCookieStore
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=windows_asan_content_shell&range=508465:508529
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6573441867317248
Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.

Oct 17 2017
pnangunoori@: Previous clusterfuzz bugs that I've received have a link to https://chromium.googlesource.com/chromium/src/+/lkgr/testing/libfuzzer/reproducing.md which was very helpful. Can you put together something like that for this class of bugs too? At the very least, it should explain setting up an asan build, figuring out the correct target, and symbolizing the result of ASAN builds.

Oct 17 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/69c24baa344f64f11e00dbde4066ffbe7fee5b1f

commit 69c24baa344f64f11e00dbde4066ffbe7fee5b1f
Author: Victor Costan <pwnall@chromium.org>
Date: Tue Oct 17 06:21:30 2017

Fix renderer crash on reading cookieStore on DOMWindow of detached iframe.

The crash can only occur when the "Enable Experimental Web Platform Features" flag is turned on.

Bug: 774626
Change-Id: I4e8170d2c82db53d8bacd5c8586ef4cce3000be4
Reviewed-on: https://chromium-review.googlesource.com/722038
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Commit-Queue: Victor Costan <pwnall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#509302}

[add] https://crrev.com/69c24baa344f64f11e00dbde4066ffbe7fee5b1f/third_party/WebKit/LayoutTests/http/tests/storage/async_cookies/bug774626.html
[modify] https://crrev.com/69c24baa344f64f11e00dbde4066ffbe7fee5b1f/third_party/WebKit/Source/modules/cookie_store/GlobalCookieStore.cpp

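The crash pattern named in the commit message, written out as a minimal page in the shape of a layout test. This is an added example, not the project's bug774626.html and not code from the commit; it assumes the browser is started with the "Enable Experimental Web Platform Features" flag (otherwise window.cookieStore is not exposed) and that detaching the iframe is what leaves its DOMWindow without a frame, which is the condition the fix guards against.

```html
<!DOCTYPE html>
<!-- Added example (not the project's test): read cookieStore on the
     DOMWindow of an iframe that has already been detached. Assumes the
     "Enable Experimental Web Platform Features" flag is on so that
     window.cookieStore exists. -->
<body>
<script>
function readDetachedCookieStore() {
  const iframe = document.createElement('iframe');
  document.body.appendChild(iframe);
  // Hold on to the child DOMWindow, then remove the iframe so that
  // window no longer has a frame behind it.
  const detachedWindow = iframe.contentWindow;
  iframe.remove();
  // Before the fix this getter reached a null InterfaceProvider inside
  // GlobalCookieStoreImpl<LocalDOMWindow>::GetCookieStore and crashed the
  // renderer. After the fix the renderer survives; whether the read returns
  // a value or throws is not stated on this page, so only report it.
  try {
    return { crashed: false, value: String(detachedWindow.cookieStore) };
  } catch (e) {
    return { crashed: false, error: e.name };
  }
}

window.addEventListener('load', () => {
  const result = readDetachedCookieStore();
  document.body.textContent = 'renderer survived: ' + JSON.stringify(result);
});
</script>
</body>
```

If the renderer dies on the read, the tab crashes instead of rendering the "renderer survived" line; under an ASan content_shell build the stack printed should match the Crash State in the report above.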
Oct 17 2017
ClusterFuzz has detected this issue as fixed in range 509282:509316.
Detailed report: https://clusterfuzz.com/testcase?key=6573441867317248
Fuzzer: inferno_layout_test_unmodified
Job Type: windows_asan_content_shell
Platform Id: windows
Crash Type: Null-dereference READ
Crash Address: 0x00000000
Crash State:
  service_manager::InterfaceProvider::GetInterface
  service_manager::InterfaceProvider::GetInterface<network::mojom::blink::Restrict
  blink::GlobalCookieStoreImpl<blink::LocalDOMWindow>::GetCookieStore
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=windows_asan_content_shell&range=508465:508529
Fixed: https://clusterfuzz.com/revisions?job=windows_asan_content_shell&range=509282:509316
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6573441867317248
See https://github.com/google/clusterfuzz-tools for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Oct 17 2017
ClusterFuzz testcase 6573441867317248 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Oct 17 2017
Automatically applying components based on crash stacktrace and information from OWNERS files. If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Comment 1 by pnangunoori@chromium.org, Oct 16 2017
Components: Blink>Internals>Modularization
Labels: Test-Predator-Wrong M-63
Owner: pwnall@chromium.org
Status: Assigned (was: Untriaged)