Abrt in blink::ReportFatalErrorInMainThread |
|||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=5867903605014528 Fuzzer: inferno_twister Job Type: linux_ubsan_vptr_content_shell_drt Platform Id: linux Crash Type: Abrt Crash Address: 0x03e900000001 Crash State: blink::ReportFatalErrorInMainThread v8::Function::Call blink::V8ScriptRunner::CallFunction Sanitizer: undefined (UBSAN) Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_content_shell_drt&range=524052:524063 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5867903605014528 Additional requirements: Requires Gestures Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
,
Dec 23 2017
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/v8/v8/+/e520f4e53439dc8b42918895e883f849bef1152a ([api] Add an ApiCheck for Function::Call on a null handle). If this is incorrect, please remove the owner and apply the Test-Predator-Wrong-CLs label.
,
Jan 2 2018
This looks the same as issue 792604, but in V8RemotePlaybackAvailabilityCallback
,
Jan 2 2018
Issue 798130 has been merged into this issue.
,
Jan 2 2018
,
Jan 12 2018
,
Jan 17 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/da8da759e4dc7c823925c190bb5066aeecb8ca71 commit da8da759e4dc7c823925c190bb5066aeecb8ca71 Author: Yuki Shiino <yukishiino@chromium.org> Date: Wed Jan 17 09:03:44 2018 RemotePlayback: Fixes memory corruption caused by invalid key access. HashMap<int, T> doesn't support 0 (zero) as a valid key, and HashMap::find(0) returns an iterator pointing somewhere invalid. Use of such an iterator causes disaster. This patch checks the range of the given key before passing it in HashMap::find. Bug: 797480 Change-Id: Ieb6dd5930f5a5cf81ff3826c00bcc6365daac924 Reviewed-on: https://chromium-review.googlesource.com/868051 Reviewed-by: Hitoshi Yoshida <peria@chromium.org> Reviewed-by: Kentaro Hara <haraken@chromium.org> Commit-Queue: Yuki Shiino <yukishiino@chromium.org> Cr-Commit-Position: refs/heads/master@{#529678} [modify] https://crrev.com/da8da759e4dc7c823925c190bb5066aeecb8ca71/third_party/WebKit/Source/modules/remoteplayback/RemotePlayback.cpp
,
Jan 17 2018
,
Jan 18 2018
ClusterFuzz has detected this issue as fixed in range 529677:529678. Detailed report: https://clusterfuzz.com/testcase?key=5867903605014528 Fuzzer: inferno_twister Job Type: linux_ubsan_vptr_content_shell_drt Platform Id: linux Crash Type: Abrt Crash Address: 0x03e900000001 Crash State: blink::ReportFatalErrorInMainThread v8::Function::Call blink::V8ScriptRunner::CallFunction Sanitizer: undefined (UBSAN) Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_content_shell_drt&range=524052:524063 Fixed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_content_shell_drt&range=529677:529678 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5867903605014528 Additional requirements: Requires Gestures See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Jan 18 2018
ClusterFuzz testcase 5867903605014528 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue. |
|||||||
►
Sign in to add a comment |
|||||||
Comment 1 by ClusterFuzz
, Dec 23 2017Labels: Test-Predator-Auto-Components