Null-dereference READ in content::RenderWidget::OnDidOverscroll |
||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=5584371456409600 Fuzzer: ochang_domfuzzer Job Type: linux_asan_content_shell_drt Platform Id: linux Crash Type: Null-dereference READ Crash Address: 0x000000000008 Crash State: content::RenderWidget::OnDidOverscroll content::RenderWidgetInputHandler::DidOverscrollFromBlink blink::ChromeClientImpl::DidOverscroll Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=519995:519996 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5584371456409600 Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
,
Nov 30 2017
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/ff7f1749d10b1fce53591cae122639cf17848e53 (Enable mojo input messages on all platforms other than Android webview.). If this is incorrect, please remove the owner and apply the Test-Predator-Wrong-CLs label.
,
Nov 30 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/2760614ef85f57db3ee1ffdefe50d4321b41f75b commit 2760614ef85f57db3ee1ffdefe50d4321b41f75b Author: Dave Tapuska <dtapuska@chromium.org> Date: Thu Nov 30 21:11:19 2017 Fix clusterfuzz crash on MojoInputMessages The callsites were updated in https://chromium-review.googlesource.com/c/chromium/src/+/793971 however I left the DCHECK still in and didn't allow nullptr as the return value. This caused the clusterfuzz failures. BUG= 789926 , 789906 Change-Id: I950f4ea72225faa0f9be3afbe022e0152079aa92 Reviewed-on: https://chromium-review.googlesource.com/801637 Reviewed-by: Mustaq Ahmed <mustaq@chromium.org> Commit-Queue: Dave Tapuska <dtapuska@chromium.org> Cr-Commit-Position: refs/heads/master@{#520685} [modify] https://crrev.com/2760614ef85f57db3ee1ffdefe50d4321b41f75b/content/renderer/input/widget_input_handler_manager.cc
,
Nov 30 2017
,
Dec 1 2017
ClusterFuzz has detected this issue as fixed in range 520684:520685. Detailed report: https://clusterfuzz.com/testcase?key=5584371456409600 Fuzzer: ochang_domfuzzer Job Type: linux_asan_content_shell_drt Platform Id: linux Crash Type: Null-dereference READ Crash Address: 0x000000000008 Crash State: content::RenderWidget::OnDidOverscroll content::RenderWidgetInputHandler::DidOverscrollFromBlink blink::ChromeClientImpl::DidOverscroll Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=519995:519996 Fixed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=520684:520685 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5584371456409600 See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Dec 1 2017
ClusterFuzz testcase 5584371456409600 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue. |
||||
►
Sign in to add a comment |
||||
Comment 1 by ClusterFuzz
, Nov 30 2017Labels: Test-Predator-Auto-Components