Null-dereference READ in content::BrowserPluginEmbedder::ScreenInfoChanged
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5674675668779008

Fuzzer: ipc_fuzzer_mut
Job Type: linux_asan_chrome_ipc
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  content::BrowserPluginEmbedder::ScreenInfoChanged
  content::RenderWidgetHostImpl::NotifyScreenInfoChanged
  content::RenderWidgetHostViewAura::AddedToRootWindow

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_ipc&range=508786:508862

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5674675668779008

Additional requirements: Requires Gestures

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Oct 21 2017
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/2a9513f5a7a74fac303c9be30957f16fa2285c67 (Kill a renderer if it sends an unexpected message before BPGM creation.). If this is incorrect, please remove the owner and apply the Test-Predator-Wrong-CLs label.
Oct 23 2017
Following the renderer kill from crbug.com/753719, there are a few more calls into BrowserPluginEmbedder where we just need to return due to the lack of a BrowserPluginGuestManager. I missed this one in the original CL.
Oct 23 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/232d3d00928f78b5bacbeb5f5441292c47a8dd33

commit 232d3d00928f78b5bacbeb5f5441292c47a8dd33
Author: Kevin McNee <mcnee@chromium.org>
Date: Mon Oct 23 18:39:44 2017

Check for null BPGM in BrowserPluginEmbedder::ScreenInfoChanged

Following a renderer kill (see crbug.com/753719), we may have a null BrowserPluginGuestManager.

Bug: 777039
Change-Id: Id1425226d342a522e3c0a8de8c6e5c992ef660cb
Reviewed-on: https://chromium-review.googlesource.com/732783
Reviewed-by: Ehsan Karamad <ekaramad@chromium.org>
Commit-Queue: Kevin McNee <mcnee@chromium.org>
Cr-Commit-Position: refs/heads/master@{#510860}

[modify] https://crrev.com/232d3d00928f78b5bacbeb5f5441292c47a8dd33/content/browser/browser_plugin/browser_plugin_embedder.cc
Oct 23 2017
Oct 24 2017
ClusterFuzz has detected this issue as fixed in range 510835:510937.

Detailed report: https://clusterfuzz.com/testcase?key=5674675668779008

Fuzzer: ipc_fuzzer_mut
Job Type: linux_asan_chrome_ipc
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  content::BrowserPluginEmbedder::ScreenInfoChanged
  content::RenderWidgetHostImpl::NotifyScreenInfoChanged
  content::RenderWidgetHostViewAura::AddedToRootWindow

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_ipc&range=508786:508862
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_ipc&range=510835:510937

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5674675668779008

Additional requirements: Requires Gestures

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Oct 26 2017
ClusterFuzz testcase 5674675668779008 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Nov 7 2017
Nov 7 2017
Comment 1 by ClusterFuzz, Oct 21 2017
Labels: Test-Predator-AutoComponents