Null-dereference READ in ui::X11EventSourceLibevent::OnDispatcherListChanged
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5742604948602880

Fuzzer: mbarbella_webgl
Job Type: linux_asan_chrome_chromeos
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000010
Crash State:
  ui::X11EventSourceLibevent::OnDispatcherListChanged
  ui::PlatformEventSource::AddPlatformEventDispatcher
  aura::WindowTreeHostPlatform::WindowTreeHostPlatform

Sanitizer: address (ASAN)

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5742604948602880

Additional requirements: Requires Gestures

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.

Note: This crash might not be reproducible with the provided testcase. That said, for the past 14 days we've been seeing this crash frequently. If you are unable to reproduce this, please try a speculative fix based on the crash stacktrace in the report. The fix can be verified by looking at the crash statistics in the report, a day after the fix is deployed. We will auto-close the bug if the crash is not seen for 14 days.
Mar 3 2018

Mar 5 2018

Mar 6 2018
kyle, can you please triage this?
Mar 28 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/b0770c15dc9aa7020829bb421fb88e4dc2ff7347

commit b0770c15dc9aa7020829bb421fb88e4dc2ff7347
Author: kylechar <kylechar@chromium.org>
Date: Wed Mar 28 23:28:02 2018

    Ozone X11 check X display on initialization.

    Add a CHECK that XOpenDisplay() doesn't return null when initializing
    Ozone X11. There is no point going any further, we are going to crash
    somewhere else and the crash stack isn't going to be as obvious.

    Bug: 806508
    Change-Id: Ibdde13298d160cf4aff8420222a56af9fa303d22
    Reviewed-on: https://chromium-review.googlesource.com/980596
    Commit-Queue: kylechar <kylechar@chromium.org>
    Reviewed-by: Sadrul Chowdhury <sadrul@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#546655}

[modify] https://crrev.com/b0770c15dc9aa7020829bb421fb88e4dc2ff7347/ui/ozone/platform/x11/ozone_platform_x11.cc
Mar 29 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/7ec4cca899117d5044698711b81bb57141812fbf

commit 7ec4cca899117d5044698711b81bb57141812fbf
Author: kylechar <kylechar@chromium.org>
Date: Thu Mar 29 13:24:38 2018

    Revert "Ozone X11 check X display on initialization."

    This reverts commit b0770c15dc9aa7020829bb421fb88e4dc2ff7347.

    Reason for revert: https://crbug.com/827060 , the CHECK should happen
    after the call to XInitThreads().

    Original change's description:
    > Ozone X11 check X display on initialization.
    >
    > Add a CHECK that XOpenDisplay() doesn't return null when initializing
    > Ozone X11. There is no point going any further, we are going to crash
    > somewhere else and the crash stack isn't going to be as obvious.
    >
    > Bug: 806508
    > Change-Id: Ibdde13298d160cf4aff8420222a56af9fa303d22
    > Reviewed-on: https://chromium-review.googlesource.com/980596
    > Commit-Queue: kylechar <kylechar@chromium.org>
    > Reviewed-by: Sadrul Chowdhury <sadrul@chromium.org>
    > Cr-Commit-Position: refs/heads/master@{#546655}

    TBR=sadrul@chromium.org,kylechar@chromium.org

    Change-Id: Idc86201a90a714c0a043ff48570582597d1e0257
    No-Presubmit: true
    No-Tree-Checks: true
    No-Try: true
    Bug: 806508 , 827060
    Reviewed-on: https://chromium-review.googlesource.com/985958
    Reviewed-by: kylechar <kylechar@chromium.org>
    Commit-Queue: kylechar <kylechar@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#546804}

[modify] https://crrev.com/7ec4cca899117d5044698711b81bb57141812fbf/ui/ozone/platform/x11/ozone_platform_x11.cc
Mar 29 2018
Issue 827004 has been merged into this issue.
Apr 6 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/8549a4323a1eed733299a26e6a19ba9cfd04754c

commit 8549a4323a1eed733299a26e6a19ba9cfd04754c
Author: kylechar <kylechar@chromium.org>
Date: Fri Apr 06 12:58:44 2018

    RELAND: Ozone X11 check X display on initialization.

    Add a CHECK that XOpenDisplay() doesn't return null when initializing
    Ozone X11. There is no point going any further, we are going to crash
    somewhere else and the crash stack isn't going to be as obvious.

    Original change in https://crrev.com/c/980596. Reland change with call
    to XInitThreaded() first still to avoid crashes.

    Bug: 806508
    Change-Id: I0ca480b140da702946b4b75cd93c63cd388fdfca
    Reviewed-on: https://chromium-review.googlesource.com/997894
    Reviewed-by: Sadrul Chowdhury <sadrul@chromium.org>
    Commit-Queue: kylechar <kylechar@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#548754}

[modify] https://crrev.com/8549a4323a1eed733299a26e6a19ba9cfd04754c/ui/ozone/platform/x11/ozone_platform_x11.cc
Apr 9 2018
Apr 20 2018
Issue 828352 has been merged into this issue.
Apr 20 2018
Automatically applying components based on crash stacktrace and information from OWNERS files. If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Comment 1 by brajkumar@chromium.org, Jan 29 2018
Components: UI>Aura
Labels: -Pri-1 Test-Predator-Wrong CF-NeedsTriage Pri-2