CHECK failure: i < size() in Vector.h
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5539814970753024
Fuzzer: attekett_webaudio_fuzzer
Job Type: windows_asan_chrome_no_sandbox
Platform Id: windows
Crash Type: CHECK failure
Crash Address:
Crash State:
  i < size() in Vector.h
  blink::AudioParamTimeline::WarnSetterOverlapsEvent
  blink::AudioParam::WarnIfSetterOverlapsEvent
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_no_sandbox&range=511225:511668
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5539814970753024

Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
Oct 27 2017
Using the provided regression range, assigning to the possible suspect as per the change made to the files “AudioParam.cpp & AudioParamTimeline.cpp”. Suspecting Commit# https://chromium.googlesource.com/chromium/src/+/48cba11435e21f6050c663bec57ea70b37dcf6aa @rtoy -- Could you please look into this issue; kindly reassign if it has nothing to do with your changes.
Oct 27 2017
Oct 27 2017
This is not unique to an asan build. A debug build running the repro test case will also fail the CHECK.
Oct 29 2017
Nov 1 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/4d393f49c316b295d1d3b4c95a93dfed0ddf4e67

commit 4d393f49c316b295d1d3b4c95a93dfed0ddf4e67
Author: Raymond Toy <rtoy@chromium.org>
Date: Wed Nov 01 17:26:05 2017

Move value setter warning code completely to AudioParamTimeline

Move the implementation completely to the AudioParamTimeline class so we can lock the event list completely to prevent the audio thread from mutating the event list. The original implementation had two function calls: one to find an event index and another to print the warning. However, the audio thread could have mutated the event list between these calls, so the event index could be invalid.

Bug: 778927
Test: Repro case doesn't fail DCHECK in debug build
Change-Id: Ied1d8d5128a316aba3c8d59589e1f305a5a2a26b
Reviewed-on: https://chromium-review.googlesource.com/741450
Commit-Queue: Raymond Toy <rtoy@chromium.org>
Reviewed-by: Hongchan Choi <hongchan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#513163}

[modify] https://crrev.com/4d393f49c316b295d1d3b4c95a93dfed0ddf4e67/third_party/WebKit/Source/modules/webaudio/AudioParam.cpp
[modify] https://crrev.com/4d393f49c316b295d1d3b4c95a93dfed0ddf4e67/third_party/WebKit/Source/modules/webaudio/AudioParamTimeline.cpp
[modify] https://crrev.com/4d393f49c316b295d1d3b4c95a93dfed0ddf4e67/third_party/WebKit/Source/modules/webaudio/AudioParamTimeline.h
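The race the commit message describes, as an added illustration in simplified C++ (not Blink's code; the event list, the audio thread's try-lock behaviour and all names are assumptions): the original shape finds the index under one lock and uses it under a second one, so the audio thread can shrink the list in the window between them and the stored index ends up past the end; the fixed shape keeps both steps under the same lock, so the audio thread's mutation is deferred and the index stays valid.

```cpp
#include <cstddef>
#include <functional>
#include <optional>
#include <utility>
#include <vector>
// Single-threaded model of the race in the commit message (assumed shape, not
// Blink's code): `held_` stands in for the event-list mutex, and the audio
// thread's try_lock becomes "skip if held_".
struct Event { double time; double value; };
enum class Outcome { kNoOverlap, kWarned, kStaleIndex };
class Timeline {
 public:
  explicit Timeline(std::vector<Event> events) : events_(std::move(events)) {}
  // Audio thread: drop rendered events; real-time code only try-locks.
  void PruneRendered(double now) {
    if (held_) return;  // lock busy: skip this tick rather than block
    std::vector<Event> kept;
    for (const Event& e : events_) if (e.time >= now) kept.push_back(e);
    events_ = std::move(kept);
  }
  // Original shape: index found under one lock, used under a second one;
  // `audio_work` is whatever the audio thread does in the unlocked window.
  Outcome WarnUnsafe(double t, const std::function<void()>& audio_work) {
    std::optional<size_t> idx;
    { Guard g(held_); idx = FindOverlapLocked(t); }
    audio_work();  // the list may shrink here
    Guard g(held_);
    if (!idx) return Outcome::kNoOverlap;
    if (*idx >= events_.size()) return Outcome::kStaleIndex;  // CHECK(i < size())
    return Outcome::kWarned;
  }
  // Fixed shape: search and use stay under one lock, so the audio thread's
  // mutation is skipped and the index cannot go stale.
  Outcome WarnSafe(double t, const std::function<void()>& audio_work) {
    Guard g(held_);
    audio_work();  // PruneRendered sees the lock held and does nothing
    return FindOverlapLocked(t) ? Outcome::kWarned : Outcome::kNoOverlap;
  }
  size_t Size() const { return events_.size(); }
 private:
  struct Guard {  // RAII stand-in for a lock_guard on held_
    bool& h; explicit Guard(bool& b) : h(b) { h = true; } ~Guard() { h = false; }
  };
  std::optional<size_t> FindOverlapLocked(double t) const {
    for (size_t i = 0; i < events_.size(); ++i) if (events_[i].time == t) return i;
    return std::nullopt;
  }
  bool held_ = false;
  std::vector<Event> events_;
};
```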
Nov 2 2017
ClusterFuzz has detected this issue as fixed in range 513144:513169.

Detailed report: https://clusterfuzz.com/testcase?key=5539814970753024
Fuzzer: attekett_webaudio_fuzzer
Job Type: windows_asan_chrome_no_sandbox
Platform Id: windows
Crash Type: CHECK failure
Crash Address:
Crash State:
  i < size() in Vector.h
  blink::AudioParamTimeline::WarnSetterOverlapsEvent
  blink::AudioParam::WarnIfSetterOverlapsEvent
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_no_sandbox&range=511225:511668
Fixed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_no_sandbox&range=513144:513169
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5539814970753024

See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Nov 2 2017
ClusterFuzz testcase 5539814970753024 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.