Null-dereference READ in views::TrayBubbleView::UpdateBubble
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5470960261267456

Fuzzer: phoglund_webrtc_peerconnection
Job Type: linux_asan_chrome_chromeos
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  views::TrayBubbleView::UpdateBubble
  ash::WebNotificationTray::AnchorUpdated
  views::Widget::OnNativeWidgetSizeChanged

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_chromeos&range=520215:520264

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5470960261267456

Additional requirements: Requires Gestures
Additional requirements: Requires HTTP

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Nov 30 2017
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/4a10c5ffae9daf27aeb8ad79c422aaa370777f96 (Initial implementation of sidebar-style message center). If this is incorrect, please remove the owner and apply the Test-Predator-Wrong-CLs label.
Dec 8 2017
The CL under review: https://chromium-review.googlesource.com/c/chromium/src/+/813153
Dec 8 2017
Dec 13 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/3ae2446be3d11e6393c0bc8567f953212babc63c

commit 3ae2446be3d11e6393c0bc8567f953212babc63c
Author: yoshiki iguchi <yoshiki@chromium.org>
Date: Wed Dec 13 06:26:28 2017

Make SystemTrayView owned by the view hierarchy

Previously, I have added SystemTrayView class which was owned by SystemTray class (crrev.com/727379). But the views in the tray are assumed to be destroyed with the parent view and the bubble, so that caused some issues.

This patch changes that and makes SystemTrayView owned by the view hierarchy. Then the issues are solved.

This patch also updates the newly-added code in NetworkStateListDetailedView because the code didn't assume that lifetime of views.

Bug: 790716, 789833
Change-Id: I62eca328780cabb7c5d68967cc1ddee7a1e23b9a
Reviewed-on: https://chromium-review.googlesource.com/813153
Commit-Queue: Yoshiki Iguchi <yoshiki@chromium.org>
Reviewed-by: Yuki Awano <yawano@chromium.org>
Reviewed-by: Mitsuru Oshima <oshima@chromium.org>
Cr-Commit-Position: refs/heads/master@{#523701}

[modify] https://crrev.com/3ae2446be3d11e6393c0bc8567f953212babc63c/ash/system/network/network_state_list_detailed_view.cc
[modify] https://crrev.com/3ae2446be3d11e6393c0bc8567f953212babc63c/ash/system/network/network_state_list_detailed_view.h
[modify] https://crrev.com/3ae2446be3d11e6393c0bc8567f953212babc63c/ash/system/tray/system_tray.cc
[modify] https://crrev.com/3ae2446be3d11e6393c0bc8567f953212babc63c/ash/system/tray/system_tray.h
[modify] https://crrev.com/3ae2446be3d11e6393c0bc8567f953212babc63c/ash/system/tray/system_tray_bubble.cc
[modify] https://crrev.com/3ae2446be3d11e6393c0bc8567f953212babc63c/ash/system/tray/system_tray_bubble.h
Dec 13 2017
Jan 30 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/04c03c427c9ab5ccb28e01969b2cf5a1cfb9752d

commit 04c03c427c9ab5ccb28e01969b2cf5a1cfb9752d
Author: yoshiki iguchi <yoshiki@chromium.org>
Date: Tue Jan 30 02:13:29 2018

Make SystemTrayView owned by the view hierarchy

Previously, I have added SystemTrayView class which was owned by SystemTray class (crrev.com/727379). But the views in the tray are assumed to be destroyed with the parent view and the bubble, so that caused some issues.

This patch changes that and makes SystemTrayView owned by the view hierarchy. Then the issues are solved.

This patch also updates the newly-added code in NetworkStateListDetailedView because the code didn't assume that lifetime of views.

TBR=yoshiki@chromium.org

(cherry picked from commit 3ae2446be3d11e6393c0bc8567f953212babc63c)

Bug: 790716, 789833
Change-Id: I62eca328780cabb7c5d68967cc1ddee7a1e23b9a
Reviewed-on: https://chromium-review.googlesource.com/813153
Commit-Queue: Yoshiki Iguchi <yoshiki@chromium.org>
Reviewed-by: Yuki Awano <yawano@chromium.org>
Reviewed-by: Mitsuru Oshima <oshima@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#523701}
Reviewed-on: https://chromium-review.googlesource.com/892194
Reviewed-by: Yoshiki Iguchi <yoshiki@chromium.org>
Cr-Commit-Position: refs/branch-heads/3282@{#613}
Cr-Branched-From: 5fdc0fab22ce7efd32532ee989b223fa12f8171e-refs/heads/master@{#520840}

[modify] https://crrev.com/04c03c427c9ab5ccb28e01969b2cf5a1cfb9752d/ash/system/network/network_state_list_detailed_view.cc
[modify] https://crrev.com/04c03c427c9ab5ccb28e01969b2cf5a1cfb9752d/ash/system/network/network_state_list_detailed_view.h
[modify] https://crrev.com/04c03c427c9ab5ccb28e01969b2cf5a1cfb9752d/ash/system/tray/system_tray.cc
[modify] https://crrev.com/04c03c427c9ab5ccb28e01969b2cf5a1cfb9752d/ash/system/tray/system_tray.h
[modify] https://crrev.com/04c03c427c9ab5ccb28e01969b2cf5a1cfb9752d/ash/system/tray/system_tray_bubble.cc
[modify] https://crrev.com/04c03c427c9ab5ccb28e01969b2cf5a1cfb9752d/ash/system/tray/system_tray_bubble.h
Comment 1 by ClusterFuzz, Nov 30 2017
Labels: Test-Predator-Auto-Components