Abrt in blink::mojom::blink::BlobRegistryProxy::GetBlobFromUUID
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6551324002091008
Fuzzer: libFuzzer_v8_serialized_script_value_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux
Crash Type: Abrt
Crash Address: 0x03e900000d4c
Crash State:
  blink::mojom::blink::BlobRegistryProxy::GetBlobFromUUID
  blink::BlobDataHandle::BlobDataHandle
  blink::BlobDataHandle::Create
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=529788:529845
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6551324002091008

Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Jan 18 2018
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/144e2c98f3ff7585f2719c1bf4d7e17afb209002 (First step of removing the old IPC Blob registration code paths.). If this is incorrect, please remove the owner and apply the Test-Predator-Wrong-CLs label.
Jan 18 2018
Hah yes, not so much caused by my change (in that what this test is testing would get the renderer process killed both before and after that change), but after my change the renderer process just happens to DCHECK for this error itself. So not a new bug, but definitely something to fix (and easy to fix).
Jan 18 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/1593920eed56dee727e7f78ae5d206052e4ad7e0

commit 1593920eed56dee727e7f78ae5d206052e4ad7e0
Author: Marijn Kruisselbrink <mek@chromium.org>
Date: Thu Jan 18 19:59:46 2018

    Don't crash when deserializing an empty blob uuid.

    Bug: 803358
    Change-Id: I97368cc84b776302480541f16467a9ac19ed3f0e
    Reviewed-on: https://chromium-review.googlesource.com/874292
    Reviewed-by: Jeremy Roman <jbroman@chromium.org>
    Commit-Queue: Marijn Kruisselbrink <mek@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#530240}

[modify] https://crrev.com/1593920eed56dee727e7f78ae5d206052e4ad7e0/third_party/WebKit/Source/bindings/core/v8/serialization/V8ScriptValueDeserializer.cpp
Jan 19 2018
Should be fixed
Jan 19 2018
ClusterFuzz has detected this issue as fixed in range 529955:530274.

Detailed report: https://clusterfuzz.com/testcase?key=6551324002091008
Fuzzer: libFuzzer_v8_serialized_script_value_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux
Crash Type: Abrt
Crash Address: 0x03e900000d4c
Crash State:
  blink::mojom::blink::BlobRegistryProxy::GetBlobFromUUID
  blink::BlobDataHandle::BlobDataHandle
  blink::BlobDataHandle::Create
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=529788:529845
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=529955:530274
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6551324002091008

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jan 19 2018
ClusterFuzz testcase 6551324002091008 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Jan 18 2018. Labels: Test-Predator-Auto-Components