Null-dereference READ in LocationBarView::ShowPageInfoDialog |
|||||||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=5320325718605824 Fuzzer: inferno_twister Job Type: linux_asan_chrome_media Platform Id: linux Crash Type: Null-dereference READ Crash Address: 0x000000000000 Crash State: LocationBarView::ShowPageInfoDialog IconLabelBubbleView::NotifyClick views::Button::OnKeyPressed Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_media&range=547627:547628 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5320325718605824 Additional requirements: Requires Gestures Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
,
Apr 4 2018
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/c4901a12bb32cd65e8c141cf97339a5a604c3dfd (Fix page info dialog for PresentationReceiverWindowController). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
,
Apr 5 2018
,
Apr 6 2018
,
Apr 6 2018
,
Apr 9 2018
Crashes are seen on Windows as well with magic signature 'LocationBarView::ShowPageInfoDialog'.
,
Apr 9 2018
Users experienced this crash on the following builds: Win Canary 67.0.3390.0 - 0.10 CPM, 10 reports, 6 clients (signature LocationBarView::ShowPageInfoDialog) If this update was incorrect, please add "Fracas-Wrong" label to prevent future updates. - Go/Fracas
,
Apr 17 2018
Friendly ping for an update on this. Link to the list of the builds: =============================== https://crash.corp.google.com/browse?q=expanded_custom_data.ChromeCrashProto.magic_signature_1.name%3D%27LocationBarView%3A%3AShowPageInfoDialog%27#-property-selector,productversion:1000,-magicsignature:50,-magicsignature2:50,-stablesignature:50,-magicsignaturesorted:50
,
Apr 17 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/0e6e9217e25ef09cb184c6103ce97554add3e9a1 commit 0e6e9217e25ef09cb184c6103ce97554add3e9a1 Author: btolsch <btolsch@chromium.org> Date: Tue Apr 17 21:39:48 2018 Check WebContents* in LocationBarView::ShowPageInfoDialog Bug: 828704 Change-Id: I1263e0bc2520b7b5f110ac2ae0ac92e3db8e2fd9 Reviewed-on: https://chromium-review.googlesource.com/999310 Reviewed-by: Scott Violet <sky@chromium.org> Commit-Queue: Brandon Tolsch <btolsch@chromium.org> Cr-Commit-Position: refs/heads/master@{#551484} [modify] https://crrev.com/0e6e9217e25ef09cb184c6103ce97554add3e9a1/chrome/browser/ui/views/location_bar/location_icon_view.cc
,
Apr 18 2018
Windows canary version: 67.0.3399.0 has been live for 8 hrs and has not reported any crashes so far.
,
Apr 19 2018
ClusterFuzz has detected this issue as fixed in range 551478:551482. Detailed report: https://clusterfuzz.com/testcase?key=5320325718605824 Fuzzer: inferno_twister Job Type: linux_asan_chrome_media Platform Id: linux Crash Type: Null-dereference READ Crash Address: 0x000000000000 Crash State: LocationBarView::ShowPageInfoDialog IconLabelBubbleView::NotifyClick views::Button::OnKeyPressed Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_media&range=547627:547628 Fixed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_media&range=551478:551482 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5320325718605824 Additional requirements: Requires Gestures See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Apr 19 2018
ClusterFuzz testcase 5320325718605824 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Apr 19 2018
[Auto-generated comment by a script] We noticed that this issue is targeted for M-67; it appears the fix may have landed after branch point, meaning a merge might be required. Please confirm if a merge is required here - if so add Merge-Request-67 label, otherwise remove Merge-TBD label. Thanks.
,
Apr 19 2018
Cl listed at #9 needs merge to M67. Pls request a merge ASAP.
,
Apr 19 2018
Adding "Merge-Request-67" label per comment #14.
,
Apr 20 2018
Your change meets the bar and is auto-approved for M67. Please go ahead and merge the CL to branch 3396 manually. Please contact milestone owner if you have questions. Owners: cmasso@(Android), cmasso@(iOS), kbleicher@(ChromeOS), govind@(Desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Apr 20 2018
Please merge ASAP so we can pick it up for next M67 Dev/Beta Release. Thank you.
,
Apr 20 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/f245cfba9bc4be5144449f8371fcf88a5d370515 commit f245cfba9bc4be5144449f8371fcf88a5d370515 Author: btolsch <btolsch@chromium.org> Date: Fri Apr 20 19:00:41 2018 Check WebContents* in LocationBarView::ShowPageInfoDialog TBR=btolsch@chromium.org (cherry picked from commit 0e6e9217e25ef09cb184c6103ce97554add3e9a1) Bug: 828704 Change-Id: I1263e0bc2520b7b5f110ac2ae0ac92e3db8e2fd9 Reviewed-on: https://chromium-review.googlesource.com/999310 Reviewed-by: Scott Violet <sky@chromium.org> Commit-Queue: Brandon Tolsch <btolsch@chromium.org> Cr-Original-Commit-Position: refs/heads/master@{#551484} Reviewed-on: https://chromium-review.googlesource.com/1022259 Reviewed-by: Brandon Tolsch <btolsch@chromium.org> Cr-Commit-Position: refs/branch-heads/3396@{#168} Cr-Branched-From: 9ef2aa869bc7bc0c089e255d698cca6e47d6b038-refs/heads/master@{#550428} [modify] https://crrev.com/f245cfba9bc4be5144449f8371fcf88a5d370515/chrome/browser/ui/views/location_bar/location_icon_view.cc |
|||||||||||
►
Sign in to add a comment |
|||||||||||
Comment 1 by ClusterFuzz
, Apr 4 2018Labels: Test-Predator-Auto-Components