Null-dereference READ in content::DelegatedFrameHostClientAura::DelegatedFrameHostGetLayer
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4697460400979968

Fuzzer: attekett_dom_fuzzer
Job Type: linux_asan_chrome_v8_arm
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x0000000c
Crash State:
  content::DelegatedFrameHostClientAura::DelegatedFrameHostGetLayer
  content::DelegatedFrameHost::EvictDelegatedFrame
  content::DelegatedFrameHost::OnLostResources

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_v8_arm&range=550062:550064

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4697460400979968

Additional requirements: Requires Gestures

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Apr 13 2018
Predator and CL could not provide any possible suspects.
Using Code Search for the file "delegated_frame_host_client_aura.cc", suspecting the below CL might have caused this issue.
Suspect CL: https://chromium.googlesource.com/chromium/src/+/b851ceb60174d8b903d4ff26e01f75f5eb6b7db9
ccameron@ -- Could you please check whether this is caused by your change? If not, please help us in assigning it to the right owner.
Thanks!
Apr 16 2018
That patch is very far from where this crash is occurring.
It appears that RWHVAura::window_ is nullptr here:
  ui::Layer* DelegatedFrameHostClientAura::DelegatedFrameHostGetLayer() const {
    return render_widget_host_view_->window_->layer();
  }
->sky based on blamelist (though there may be a better OWNER for this code now).
Aug 2
ClusterFuzz testcase 4697460400979968 is flaky and no longer crashes, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Apr 12 2018
Labels: Test-Predator-Auto-Components