Null-dereference READ in device::mojom::SensorProviderProxy::GetSensor |
|||||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=5685181049733120 Fuzzer: inferno_layout_test_unmodified Job Type: mac_asan_chrome Platform Id: mac Crash Type: Null-dereference READ Crash Address: 0x000000000008 Crash State: device::mojom::SensorProviderProxy::GetSensor content::DeviceOrientationEventPump::DidStartIfPossible device::mojom::Sensor_AddConfiguration_ForwardToCallback::Accept Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=517965:518052 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5685181049733120 Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
,
Nov 23 2017
Automatically adding ccs based on suspected regression changelists: Extensions: convert keep_alive.js to use new Mojo JS bindings. by yzshen@chromium.org - https://chromium.googlesource.com/chromium/src/+/d91c0f145e1dfd5364e6f8bb5441257d84d2fc51 Allow sensors needed for device motion/orientation events in cross-origin iframes by juncai@chromium.org - https://chromium.googlesource.com/chromium/src/+/99cbeffa5daf94b216c4d4f94ffbcd2fd1fa4c0a If this is incorrect, please apply the Test-Predator-Wrong-CLs label.
,
Nov 28 2017
Issue 787714 has been merged into this issue.
,
Nov 28 2017
Patch out for review: https://chromium-review.googlesource.com/c/chromium/src/+/794519
,
Dec 5 2017
Add milestone for tracking.
,
Dec 5 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/ba8d3cc8117f3526320041866a3524de7ffa6291 commit ba8d3cc8117f3526320041866a3524de7ffa6291 Author: Reilly Grant <reillyg@chromium.org> Date: Tue Dec 05 23:27:58 2017 Check for provider error before orientation sensor fallback This patch checks that |sensor_provider_| has not been reset before attempting to fetch a fallback sensor after an initial initialization error. This could happen if the SensorProvider interface is unavailable. Bug: 788120 Change-Id: I5afd03929e83ae4a35353dcc21f0c48ccbdb0066 Reviewed-on: https://chromium-review.googlesource.com/794519 Reviewed-by: Tim Volodine <timvolodine@chromium.org> Commit-Queue: Reilly Grant <reillyg@chromium.org> Cr-Commit-Position: refs/heads/master@{#521889} [modify] https://crrev.com/ba8d3cc8117f3526320041866a3524de7ffa6291/content/renderer/device_sensors/device_orientation_event_pump.cc
,
Dec 6 2017
ClusterFuzz has detected this issue as fixed in range 521823:521932. Detailed report: https://clusterfuzz.com/testcase?key=5685181049733120 Fuzzer: inferno_layout_test_unmodified Job Type: mac_asan_chrome Platform Id: mac Crash Type: Null-dereference READ Crash Address: 0x000000000008 Crash State: device::mojom::SensorProviderProxy::GetSensor content::DeviceOrientationEventPump::DidStartIfPossible device::mojom::Sensor_AddConfiguration_ForwardToCallback::Accept Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=517965:518052 Fixed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=521823:521932 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5685181049733120 See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Dec 6 2017
ClusterFuzz testcase 5685181049733120 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Dec 6 2017
Requesting merge to M-64. This change was released on Canary in 65.0.3286.0.
,
Dec 6 2017
Issue 792405 has been merged into this issue.
,
Dec 7 2017
+ Abdul for M64 merge review.
,
Dec 7 2017
Your change meets the bar and is auto-approved for M64. Please go ahead and merge the CL to branch 3282 manually. Please contact milestone owner if you have questions. Owners: cmasso@(Android), cmasso@(iOS), kbleicher@(ChromeOS), abdulsyed@(Desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Dec 7 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/ad08763c34a6e6866bbf984d3ea452e49c7bffd9 commit ad08763c34a6e6866bbf984d3ea452e49c7bffd9 Author: Reilly Grant <reillyg@chromium.org> Date: Thu Dec 07 19:31:55 2017 [M-64] Check for provider error before orientation sensor fallback This patch checks that |sensor_provider_| has not been reset before attempting to fetch a fallback sensor after an initial initialization error. This could happen if the SensorProvider interface is unavailable. Bug: 788120 Change-Id: I5afd03929e83ae4a35353dcc21f0c48ccbdb0066 Reviewed-on: https://chromium-review.googlesource.com/794519 Reviewed-by: Tim Volodine <timvolodine@chromium.org> Commit-Queue: Reilly Grant <reillyg@chromium.org> Cr-Original-Commit-Position: refs/heads/master@{#521889}(cherry picked from commit ba8d3cc8117f3526320041866a3524de7ffa6291) Reviewed-on: https://chromium-review.googlesource.com/814777 Reviewed-by: Reilly Grant <reillyg@chromium.org> Cr-Commit-Position: refs/branch-heads/3282@{#76} Cr-Branched-From: 5fdc0fab22ce7efd32532ee989b223fa12f8171e-refs/heads/master@{#520840} [modify] https://crrev.com/ad08763c34a6e6866bbf984d3ea452e49c7bffd9/content/renderer/device_sensors/device_orientation_event_pump.cc |
|||||||||
►
Sign in to add a comment |
|||||||||
Comment 1 by ClusterFuzz
, Nov 23 2017Labels: Test-Predator-Auto-Components