Issue 826650

Issue metadata

Status: WontFix
Owner:
Closed: Jun 2018
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug



Indirect-leak in content::RenderFrameImpl::WillSendRequest

Project Member Reported by ClusterFuzz, Mar 28 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4902779399962624

Fuzzer: bj_broddelwerk
Job Type: linux_lsan_chrome_mp
Platform Id: linux

Crash Type: Indirect-leak
Crash Address: 
Crash State:
  content::RenderFrameImpl::WillSendRequest
  blink::LocalFrameClientImpl::DispatchWillSendRequest
  blink::FrameFetchContext::PrepareRequest
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_lsan_chrome_mp&range=542821:542822

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4902779399962624

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
 
Project Member

Comment 1 by ClusterFuzz, Mar 28 2018

Components: Blink Internals>Core
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Project Member

Comment 2 by ClusterFuzz, Mar 28 2018

Labels: Test-Predator-Auto-Owner
Owner: f...@opera.com
Status: Assigned (was: Untriaged)
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/40ac85caa6b0cbcb4f5c50a7e4fdf03412e5bbf7 ([CI] Transition ReferenceFilterOperation to SVGResource).

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.

Comment 3 by rtoy@chromium.org, Mar 29 2018

Components: -Blink Blink>Loader

Comment 4 by f...@opera.com, Apr 9 2018

Labels: -Pri-1 Pri-2
I don't see that the object is leaking. What it looks like is happening is that the lifetime may be "extended" because <option> elements store a ComputedStyle reference on the element, which in turn will keep the object alive longer than if it just had been a "regular" ComputedStyle (referenced via LayoutObject), because the GC handle keeping the object alive will not be released until after the Element has been GC'd (so the object will linger until the next collection). I'll look into whether it's possible to release the (non-LayoutObject) ComputedStyle reference earlier (at detach).

Project Member

Comment 5 by ClusterFuzz, Apr 26 2018

Labels: -Reproducible Unreproducible
ClusterFuzz testcase 4902779399962624 appears to be flaky, updating reproducibility label.

Project Member

Comment 6 by ClusterFuzz, Jun 25 2018

Status: WontFix (was: Assigned)
ClusterFuzz testcase 4902779399962624 is flaky and no longer crashes, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.