Issue 813526 link

Starred by 1 user

Issue metadata

Status:	Verified
Owner:	bokan@chromium.org
Closed:	Mar 2018
Cc:	lukasza@chromium.org
EstimatedDays:	----
NextAction:	----
OS:	Linux
Pri:	2
Type:	Bug
Reproducible Stability-Memory-MemorySanitizer Security_Impact-None Clusterfuzz ClusterFuzz-Verified M-65 Test-Predator-Auto-CC Test-Predator-Auto-Components

Blocked on:
issue 751218

Use-of-uninitialized-value in test_runner::TestRunnerForSpecificView::Reset

Project Member Reported by ClusterFuzz, Feb 19 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4739363761291264

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_msan_content_shell_drt
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address: 
Crash State:
  test_runner::TestRunnerForSpecificView::Reset
  test_runner::WebViewTestProxyBase::Reset
  test_runner::TestInterfaces::ResetAll
  
Sanitizer: memory (MSAN)

Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=linux_msan_content_shell_drt&range=389884:390115

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4739363761291264

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.

Project Member

Comment 1 by ClusterFuzz, Feb 19 2018

Labels: Test-Predator-Auto-Components

Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Project Member

Comment 2 by ClusterFuzz, Feb 19 2018

Cc: bokan@chromium.org lukasza@chromium.org
Labels: Test-Predator-Auto-CC

Automatically adding ccs based on suspected regression changelists:

Fix main thread top controls scrolling to mirror CC. by bokan@chromium.org - https://chromium.googlesource.com/chromium/src/+/c63441cc9941c223e2f2d311085903c00da85938

Make sure TestRunner::topLoadingFrame is from the main test window. by lukasza@chromium.org - https://chromium.googlesource.com/chromium/src/+/8973c521e42739f6c2d1e1b3c8fa7c6e90753014

Make WebWidget::resize early out if the size doesn't change. by bokan@chromium.org - https://chromium.googlesource.com/chromium/src/+/71cb5b185f274ee0f96b346ce8a515073e9e2975

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label.

Project Member

Comment 3 by sheriffbot@chromium.org, Feb 19 2018

Labels: M-65

Project Member

Comment 4 by sheriffbot@chromium.org, Feb 19 2018

Labels: Pri-1

Comment 5 by lukasza@chromium.org, Feb 20 2018

Blockedon: 751218

My attempt to repro locally failed because of issue 751218.

Comment 6 by bokan@chromium.org, Feb 27 2018

Cc: -bokan@chromium.org
Owner: bokan@chromium.org
Status: Assigned (was: Untriaged)

I (for now) have a Trusty CloudTop VM so I'll try to repro this week.

Comment 7 by kenrb@chromium.org, Feb 28 2018

I can remove the security flags from this, right? There is only test code on the call stack.

Comment 8 by lukasza@chromium.org, Feb 28 2018

Labels: -Type-Bug-Security -Pri-1 -Restrict-View-SecurityTeam -Security_Impact-Stable -Security_Severity-Medium Security_Impact-None Pri-2 Type-Bug

RE: #c7: yes

Comment 9 by est...@chromium.org, Mar 17 2018

 Issue 821258  has been merged into this issue.

Project Member

Comment 10 by ClusterFuzz, Mar 26 2018

ClusterFuzz has detected this issue as fixed in range 545714:545715.

Detailed report: https://clusterfuzz.com/testcase?key=4739363761291264

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_msan_content_shell_drt
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address: 
Crash State:
  test_runner::TestRunnerForSpecificView::Reset
  test_runner::WebViewTestProxyBase::Reset
  test_runner::TestInterfaces::ResetAll
  
Sanitizer: memory (MSAN)

Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=linux_msan_content_shell_drt&range=389884:390115
Fixed: https://clusterfuzz.com/revisions?job=linux_msan_content_shell_drt&range=545714:545715

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4739363761291264

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Project Member

Comment 11 by ClusterFuzz, Mar 26 2018

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)

ClusterFuzz testcase 4739363761291264 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

►

Issue 813526 link

Issue metadata

Use-of-uninitialized-value in test_runner::TestRunnerForSpecificView::Reset

Issue description

Comment 1 by ClusterFuzz, Feb 19 2018

Comment 1 Deleted

Comment 2 by ClusterFuzz, Feb 19 2018

Comment 2 Deleted

Comment 3 by sheriffbot@chromium.org, Feb 19 2018

Comment 3 Deleted

Comment 4 by sheriffbot@chromium.org, Feb 19 2018

Comment 4 Deleted

Comment 5 by lukasza@chromium.org, Feb 20 2018

Comment 5 Deleted

Comment 6 by bokan@chromium.org, Feb 27 2018

Comment 6 Deleted

Comment 7 by kenrb@chromium.org, Feb 28 2018

Comment 7 Deleted

Comment 8 by lukasza@chromium.org, Feb 28 2018

Comment 8 Deleted

Comment 9 by est...@chromium.org, Mar 17 2018

Comment 9 Deleted

Comment 10 by ClusterFuzz, Mar 26 2018

Comment 10 Deleted

Comment 11 by ClusterFuzz, Mar 26 2018

Comment 11 Deleted

Sign in to add a comment