Issue 830245 link

Starred by 1 user

Issue metadata

Status: Verified
Owner:
Closed: May 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Mac
Pri: 1
Type: Bug

Null-dereference READ in blink::MouseEventManager::TryStartDrag

Reported by ClusterFuzz (Project Member), Apr 8 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6170863971074048

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_asan_content_shell_drt
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000080
Crash State:
  blink::MouseEventManager::TryStartDrag
  blink::MouseEventManager::HandleDrag
  blink::MouseEventManager::HandleDragDropIfPossible
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=473072:473106

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6170863971074048

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.

Comment 1 by ClusterFuzz (Project Member), Apr 8 2018

Components: Blink
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Comment 2 by ClusterFuzz (Project Member), Apr 8 2018

Labels: Test-Predator-Auto-Owner
Owner: cbiesin...@chromium.org
Status: Assigned (was: Untriaged)
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/cd916cc43984ff94e84fd5716c8e5d6d04416ec6 (FontCachePurgePreventer is needed when computing MinPreferredWidth).

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.

Comment 3 by kojii@chromium.org, Apr 9 2018

Components: -Blink Blink>Input
Owner: ----
Status: Untriaged (was: Assigned)
I'm sure this isn't my change... this code should only be used on Mac.

Comment 5 by ClusterFuzz (Project Member), Apr 9 2018

Labels: OS-Mac
Cc: brajkumar@chromium.org
Labels: M-66 CF-NeedsTriage
Unable to find the actual suspect through code search, and also observing no suspect CL in the regression range, hence adding the appropriate label and requesting someone from the Blink team to look into this issue.

Thanks!

Comment 7 by bokan@chromium.org, Apr 12 2018

Cc: bokan@chromium.org
Owner: nzolghadr@chromium.org
Status: Assigned (was: Untriaged)

Comment 8 by ClusterFuzz (Project Member), May 16 2018

ClusterFuzz has detected this issue as fixed in range 558997:559000.

Detailed report: https://clusterfuzz.com/testcase?key=6170863971074048

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_asan_content_shell_drt
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000080
Crash State:
  blink::MouseEventManager::TryStartDrag
  blink::MouseEventManager::HandleDrag
  blink::MouseEventManager::HandleDragDropIfPossible
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=473072:473106
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=558997:559000

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6170863971074048

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 9 by ClusterFuzz (Project Member), May 16 2018

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 6170863971074048 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Comment 10 by ClusterFuzz (Project Member), May 16 2018

ClusterFuzz testcase 6170863971074048 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.