
Issue 824104

Starred by 1 user

Issue metadata

Status: Fixed
Owner:
Closed: Apr 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 1
Type: Bug

Null-dereference READ in ash::mojom::AppListClientProxy::OnAppListTargetVisibilityChanged

Reported by ClusterFuzz (Project Member), Mar 21 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6693628156837888

Fuzzer: phoglund_webrtc_peerconnection
Job Type: linux_asan_chrome_chromeos
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000008
Crash State:
  ash::mojom::AppListClientProxy::OnAppListTargetVisibilityChanged
  app_list::AppListPresenterImpl::Show
  ash::AppListShelfItemDelegate::ItemSelected
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_chromeos&range=542308:542313

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6693628156837888

Additional requirements: Requires Gestures

Additional requirements: Requires HTTP

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.

Comment 1 by ClusterFuzz (Project Member), Mar 21 2018

Components: UI>Shell>Shelf
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Comment 2 by ClusterFuzz (Project Member), Mar 21 2018

Cc: hejq@google.com
Labels: Test-Predator-Auto-CC
Automatically adding ccs based on suspected regression changelists:

app_list: migrate AppList UI into Ash. by hejq@google.com - https://chromium.googlesource.com/chromium/src/+/989875657d3f82b51da067fefc33bb9bb97923c6

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label.
Cc: -hejq@google.com xiy...@chromium.org newcomer@chromium.org
Owner: hejq@chromium.org
Probably from the AppList migration?
Labels: Touch-Friendly-Launcher-Urgent

Comment 5 by xiy...@chromium.org, Mar 30 2018

Looks like it is because AppListControllerImpl::SetClient is not yet called when ClusterFuzz plays with the app list.

Comment 6 by bugdroid1@chromium.org (Project Member), Apr 17 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/8021d98a721675e7b3f4311e7d0842ab5c44e8e1

commit 8021d98a721675e7b3f4311e7d0842ab5c44e8e1
Author: Jiaquan He <hejq@google.com>
Date: Tue Apr 17 19:06:25 2018

app_list: check AppListClient pointer in AppListControllerImpl.

This commit skips some logic when the AppListClient pointer is not set
in AppListControllerImpl. This makes clusterfuzz happy at this point,
and avoids potential crashes in the future.

Bug: 824104
Bug: 733662
Change-Id: I82612d59ae23e843e47192a4254080f4a8fa67fd
Reviewed-on: https://chromium-review.googlesource.com/1015220
Commit-Queue: Jiaquan He <hejq@google.com>
Reviewed-by: Xiyuan Xia <xiyuan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#551419}
[modify] https://crrev.com/8021d98a721675e7b3f4311e7d0842ab5c44e8e1/ash/app_list/app_list_controller_impl.cc
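The crash state above (a null-dereference READ at address 0x8 inside the AppListClient proxy, reached from AppListPresenterImpl::Show) and the fix described in the commit message are the textbook "call before attach" ordering bug: the controller forwards to a client pointer that nothing has set yet. The reduced model below is an added example written for this page, not Chromium's ash/app_list/app_list_controller_impl.cc; the class and method names AppListControllerImpl, SetClient and OnAppListTargetVisibilityChanged come from the report, while FakeAppListClient, OnVisibilityWillChange and the scenario helpers are assumptions made for illustration. It shows the guard the fix adds (skip the client-bound logic while the pointer is null) and exercises the exact ordering the fuzzer hit.

```cpp
#include <cstddef>

// Hypothetical stand-in for the mojo AppListClient proxy (assumption: not the
// real interface). The real proxy forwards the call over mojo; here we only
// record what reached the client so the behaviour can be checked.
class FakeAppListClient {
 public:
  void OnAppListTargetVisibilityChanged(bool visible) {
    ++calls;
    last_visible = visible;
  }
  int calls = 0;
  bool last_visible = false;
};

// Hypothetical reduced controller modelled on the fix in the commit message
// (assumption: not copied from Chromium). The client pointer is null until
// SetClient() runs; in the fuzzed configuration the app list was shown first.
class AppListControllerImpl {
 public:
  void SetClient(FakeAppListClient* client) { client_ = client; }

  // Returns true if the visibility change was delivered to the client, false
  // if it was skipped because no client is attached yet. Without the null
  // check this is the dereference the sanitizer reported.
  bool OnVisibilityWillChange(bool visible) {
    if (!client_)  // the guard the fix adds: skip client-bound logic
      return false;
    client_->OnAppListTargetVisibilityChanged(visible);
    return true;
  }

 private:
  FakeAppListClient* client_ = nullptr;
};

// Scenario 1: Show() path runs before any client is attached. With the guard
// in place this is a no-op rather than a crash.
bool ShowBeforeSetClientIsSkipped() {
  FakeAppListClient client;
  AppListControllerImpl controller;
  bool delivered = controller.OnVisibilityWillChange(true);
  return !delivered && client.calls == 0;
}

// Scenario 2: once SetClient() has run, the same call reaches the client
// exactly once with the visibility flag intact.
bool ShowAfterSetClientIsDelivered() {
  FakeAppListClient client;
  AppListControllerImpl controller;
  controller.SetClient(&client);
  bool delivered = controller.OnVisibilityWillChange(true);
  return delivered && client.calls == 1 && client.last_visible;
}

// Scenario 3: the full ordering from the report, first without and then with a
// client. Returns the number of calls that reached the client (expected: 1).
int RunCrashOrdering() {
  FakeAppListClient client;
  AppListControllerImpl controller;
  controller.OnVisibilityWillChange(true);   // skipped, no client yet
  controller.SetClient(&client);
  controller.OnVisibilityWillChange(false);  // delivered
  return client.calls;
}
```

The useful regression check is scenario 1: a unit test that drives the show path before SetClient() would have caught this ordering bug without a fuzzer, and it is cheap to keep around so the guard is not silently removed later.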

Comment 7 by hejq@chromium.org, Apr 17 2018

Status: Fixed (was: Untriaged)
