Null-dereference READ in storage::BlobStorageRegistry::GetEntry

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6583144592703488

Fuzzer: inferno_twister
Job Type: windows_asan_content_shell
Platform Id: windows

Crash Type: Null-dereference READ
Crash Address: 0x00000018
Crash State:
  storage::BlobStorageRegistry::GetEntry
  storage::BlobStorageContext::GetBlobStatus
  storage::BlobDataHandle::GetBlobStatus

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=windows_asan_content_shell&range=519634:519652

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6583144592703488

Additional requirements: Requires Gestures

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Nov 30 2017
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/704dd51b37b79941c6bdafb243e66a40691ad707 (Make FileReader use mojo Blob interface.). If this is incorrect, please remove the owner and apply the Test-Predator-Wrong-CLs label.
Dec 1 2017
Ah yes, BlobDataHandle is dereferencing a WeakPtr without null-checking first...
Dec 4 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/09c21aa99af3ec659744430e6cf548dc962de8fa

commit 09c21aa99af3ec659744430e6cf548dc962de8fa
Author: Marijn Kruisselbrink <mek@chromium.org>
Date: Mon Dec 04 09:53:14 2017

Add missing null-check to BlobDataHandle::GetBlobStatus.

This method was dereferencing a weak pointer without first making sure the pointer wasn't null, unlike every other method in the class. This fixes that.

Bug: 790772
Change-Id: I980fa47a5afceae36d5843056ed03a88e863adce
Reviewed-on: https://chromium-review.googlesource.com/802762
Reviewed-by: Daniel Murphy <dmurph@chromium.org>
Commit-Queue: Marijn Kruisselbrink <mek@chromium.org>
Cr-Commit-Position: refs/heads/master@{#521297}

[modify] https://crrev.com/09c21aa99af3ec659744430e6cf548dc962de8fa/storage/browser/blob/blob_data_handle.cc
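The pattern the commit message above describes, as an added example that is not part of the issue thread or Chromium's code: `std::weak_ptr` stands in for Chromium's `WeakPtr`, and `Context`, `Handle`, `Status` and the `kContextGone` return value are hypothetical names chosen for illustration.

```cpp
// Added example with hypothetical stand-in types; not Chromium code.
#include <cstdio>
#include <memory>
#include <string>
#include <unordered_map>
#include <utility>

enum class Status { kDone, kUnknownBlob, kContextGone };  // hypothetical values

// Plays the role of the storage context that owns the blob registry.
class Context {
 public:
  void Add(const std::string& uuid, Status s) { entries_[uuid] = s; }
  Status GetStatus(const std::string& uuid) const {
    auto it = entries_.find(uuid);
    return it == entries_.end() ? Status::kUnknownBlob : it->second;
  }

 private:
  std::unordered_map<std::string, Status> entries_;
};

// Plays the role of the handle: it only holds a weak reference to the
// context, so the context can be destroyed while the handle is still alive.
class Handle {
 public:
  Handle(std::string uuid, std::weak_ptr<Context> context)
      : uuid_(std::move(uuid)), context_(std::move(context)) {}

  // Unchecked shape (kept as a comment): calling straight through the weak
  // reference reads members via a null object pointer once the context is
  // gone, which shows up as a read at a small offset from address zero.
  //   return context_.lock()->GetStatus(uuid_);
  Status GetStatus() const {
    std::shared_ptr<Context> context = context_.lock();
    if (!context) return Status::kContextGone;  // context already destroyed
    return context->GetStatus(uuid_);
  }

 private:
  std::string uuid_;
  std::weak_ptr<Context> context_;
};

int main() {
  auto context = std::make_shared<Context>();
  context->Add("blob-1", Status::kDone);  // constructed sample entry
  Handle handle("blob-1", context);
  std::printf("live context: %d\n", static_cast<int>(handle.GetStatus()));
  context.reset();  // context torn down before the handle
  std::printf("dead context: %d\n", static_cast<int>(handle.GetStatus()));
  return 0;
}
```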
Dec 5 2017
ClusterFuzz has detected this issue as fixed in range 521292:521297.

Detailed report: https://clusterfuzz.com/testcase?key=6583144592703488

Fuzzer: inferno_twister
Job Type: windows_asan_content_shell
Platform Id: windows

Crash Type: Null-dereference READ
Crash Address: 0x00000018
Crash State:
  storage::BlobStorageRegistry::GetEntry
  storage::BlobStorageContext::GetBlobStatus
  storage::BlobDataHandle::GetBlobStatus

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=windows_asan_content_shell&range=519634:519652
Fixed: https://clusterfuzz.com/revisions?job=windows_asan_content_shell&range=521292:521297

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6583144592703488

Additional requirements: Requires Gestures

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Dec 5 2017
ClusterFuzz testcase 6583144592703488 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Dec 5 2017
Keeping open since this still needs to be merged to M64
Dec 6 2017
Your change meets the bar and is auto-approved for M64. Please go ahead and merge the CL to branch 3282 manually. Please contact milestone owner if you have questions.

Owners: cmasso@(Android), cmasso@(iOS), kbleicher@(ChromeOS), abdulsyed@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Dec 6 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/aad679a3a7ba4bf71592ee97f03c6037d5fe9c40

commit aad679a3a7ba4bf71592ee97f03c6037d5fe9c40
Author: Marijn Kruisselbrink <mek@chromium.org>
Date: Wed Dec 06 08:57:37 2017

Add missing null-check to BlobDataHandle::GetBlobStatus.

This method was dereferencing a weak pointer without first making sure the pointer wasn't null, unlike every other method in the class. This fixes that.

TBR=mek@chromium.org

(cherry picked from commit 09c21aa99af3ec659744430e6cf548dc962de8fa)

Bug: 790772
Change-Id: I980fa47a5afceae36d5843056ed03a88e863adce
Reviewed-on: https://chromium-review.googlesource.com/802762
Reviewed-by: Daniel Murphy <dmurph@chromium.org>
Commit-Queue: Marijn Kruisselbrink <mek@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#521297}
Reviewed-on: https://chromium-review.googlesource.com/810275
Reviewed-by: Marijn Kruisselbrink <mek@chromium.org>
Cr-Commit-Position: refs/branch-heads/3282@{#53}
Cr-Branched-From: 5fdc0fab22ce7efd32532ee989b223fa12f8171e-refs/heads/master@{#520840}

[modify] https://crrev.com/aad679a3a7ba4bf71592ee97f03c6037d5fe9c40/storage/browser/blob/blob_data_handle.cc
Comment 1 by ClusterFuzz, Nov 30 2017
Labels: Test-Predator-Auto-Components