Null-dereference READ in FindBarController::FindBarVisibilityChanged |
|||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=5948928347602944 Fuzzer: attekett_surku_fuzzer Job Type: linux_asan_chrome_v8_arm Platform Id: linux Crash Type: Null-dereference READ Crash Address: 0x0000007c Crash State: FindBarController::FindBarVisibilityChanged FindBarHost::OnVisibilityChanged DropdownBarHost::AnimationEnded Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_v8_arm&range=513169:513239 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5948928347602944 Additional requirements: Requires Gestures Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
,
Nov 3 2017
Predator and CL could not provide any possible suspects. Using the code search for the file, “find_bar_controller.cc & find_bar_host.cc” assigning to concern owner from GIT blame. Suspecting Commit# https://chromium.googlesource.com/chromium/src/+/218c89220f26ee9bcc748ad0635d4cfce810aa12 @kylixrd -- Could you please look into this issue, kindly reassign if it has nothing to do with your changes. Thank You.
,
Nov 3 2017
Yes, this seems to be mine. I'm not sure how to reproduce this, because it's unclear under what circumstances will there be a non-NULL web_contents_ field in the FindBarController instance, but no associated Browser* instance.
,
Nov 4 2017
,
Nov 4 2017
ClusterFuzz has detected this issue as fixed in range 513803:513825. Detailed report: https://clusterfuzz.com/testcase?key=5948928347602944 Fuzzer: attekett_surku_fuzzer Job Type: linux_asan_chrome_v8_arm Platform Id: linux Crash Type: Null-dereference READ Crash Address: 0x0000007c Crash State: FindBarController::FindBarVisibilityChanged FindBarHost::OnVisibilityChanged DropdownBarHost::AnimationEnded Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_v8_arm&range=513169:513239 Fixed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_v8_arm&range=513803:513825 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5948928347602944 Additional requirements: Requires Gestures See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Nov 4 2017
ClusterFuzz testcase 5948928347602944 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Nov 7 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/ec404cff85849dcae0312bfe97e3aaab27e3da2d commit ec404cff85849dcae0312bfe97e3aaab27e3da2d Author: Allen Bauer <kylixrd@chromium.org> Date: Tue Nov 07 14:09:03 2017 Added additional NULL check for the cases where a non-NULL web_contents_ is present, but no Browser* can be located. Likely happens during tab deletion. TBR=rohitrao@chromium.org Bug: 780991 Change-Id: I963e43dd6a7ea3315fcb0cede279846607e91161 Reviewed-on: https://chromium-review.googlesource.com/753655 Reviewed-by: Allen Bauer <kylixrd@chromium.org> Reviewed-by: Scott Violet <sky@chromium.org> Commit-Queue: Allen Bauer <kylixrd@chromium.org> Cr-Commit-Position: refs/heads/master@{#514461} [modify] https://crrev.com/ec404cff85849dcae0312bfe97e3aaab27e3da2d/chrome/browser/ui/browser.cc [modify] https://crrev.com/ec404cff85849dcae0312bfe97e3aaab27e3da2d/chrome/browser/ui/cocoa/find_bar/find_bar_bridge_unittest.mm [modify] https://crrev.com/ec404cff85849dcae0312bfe97e3aaab27e3da2d/chrome/browser/ui/find_bar/find_bar_controller.cc [modify] https://crrev.com/ec404cff85849dcae0312bfe97e3aaab27e3da2d/chrome/browser/ui/find_bar/find_bar_controller.h
,
Nov 7 2017
,
Nov 7 2017
,
Nov 7 2017
,
Nov 7 2017
|
|||||||
►
Sign in to add a comment |
|||||||
Comment 1 by ClusterFuzz
, Nov 2 2017Labels: Test-Predator-AutoComponents