Null-dereference READ in GetPatternsForContentSettingsType
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5357850025787392
Fuzzer: mojo_fuzzer
Job Type: linux_asan_chrome_mojo
Platform Id: linux
Crash Type: Null-dereference READ
Crash Address: 0x000000000060
Crash State:
  GetPatternsForContentSettingsType
  HostContentSettingsMap::SetContentSettingDefaultScope
  PermissionContextBase::ResetPermission
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_mojo&range=555295:555297
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5357850025787392

Issue filed automatically.
See https://github.com/google/clusterfuzz-tools for more information.
May 3 2018
mkwst: is there someone on your team who can pick up these permissions bugs? I'm happy to help give advice on the fixes.
May 10 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/47df4b2c0b9dd21416767c0b31a824435a75e9b1

commit 47df4b2c0b9dd21416767c0b31a824435a75e9b1
Author: Raymes Khoury <raymes@chromium.org>
Date: Thu May 10 04:30:17 2018

Fix 2 nullptr dereferences in permissions code

This fixes 2 nullptr dereferences. The first arises because we don't sanity check the permission type received in the PermissionService. We don't expect to receive protected media requests on non-Android platforms, so a check is added for that. The second is because the default implementation of ResetPermission in PermissionContextBase won't work for content settings types which don't have a registered ContentSettingsType. We add a check for that case before resetting the permission.

Bug: 839194, 839221
Change-Id: I0dbb9930a7cc5e459b99e8f937791846fd0db83b
Reviewed-on: https://chromium-review.googlesource.com/1045962
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: Timothy Loh <timloh@chromium.org>
Commit-Queue: Raymes Khoury <raymes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#557450}

[modify] https://crrev.com/47df4b2c0b9dd21416767c0b31a824435a75e9b1/chrome/browser/permissions/permission_context_base.cc
[modify] https://crrev.com/47df4b2c0b9dd21416767c0b31a824435a75e9b1/content/browser/bad_message.h
[modify] https://crrev.com/47df4b2c0b9dd21416767c0b31a824435a75e9b1/content/browser/permissions/permission_service_context.h
[modify] https://crrev.com/47df4b2c0b9dd21416767c0b31a824435a75e9b1/content/browser/permissions/permission_service_impl.cc
[modify] https://crrev.com/47df4b2c0b9dd21416767c0b31a824435a75e9b1/content/browser/permissions/permission_service_impl.h
[modify] https://crrev.com/47df4b2c0b9dd21416767c0b31a824435a75e9b1/tools/metrics/histograms/enums.xml
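The two checks the commit message describes, as an added C++ illustration that is not Chromium code and not part of the commit above: a permission type arriving over Mojo is untrusted, so it is range-checked and platform-checked before use (the real fix reports a bad IPC message via content/browser/bad_message.h; the model only records the reason), and a reset is skipped when the permission has no registered content settings type, instead of dereferencing the null lookup result that the crash state (GetPatternsForContentSettingsType reached from PermissionContextBase::ResetPermission) points at. Every class, enum and function name here is a hypothetical stand-in for PermissionServiceImpl, PermissionContextBase and HostContentSettingsMap, the enum values are invented, and the origin strings are constructed sample input.

```cpp
// Added illustration, not Chromium code. All names are hypothetical stand-ins.
#include <cstdint>
#include <cstdio>
#include <map>
#include <set>
#include <string>
#include <utility>
#include <vector>

// The renderer chooses the raw value that arrives over IPC, so the browser
// side must treat it as untrusted and range-check it before casting.
enum class PermissionType : uint32_t {
  kGeolocation = 0,
  kNotifications = 1,
  kProtectedMediaIdentifier = 2,
  kClipboardRead = 3,  // hypothetical: has no content setting in this model
  kMaxValue = kClipboardRead,
};

enum class ContentSettingsType { kGeolocation, kNotifications, kProtectedMedia };

enum class Outcome { kOk, kBadMessage, kNoRegisteredContentSetting };

struct ContentSettingsInfo {
  std::string default_pattern;
};

// Hypothetical registry. Get() returns nullptr for an unregistered type; the
// crash in this report is a read through exactly such a null result.
class ContentSettingsRegistry {
 public:
  ContentSettingsRegistry() {
    info_[ContentSettingsType::kGeolocation] = {"*"};
    info_[ContentSettingsType::kNotifications] = {"*"};
    info_[ContentSettingsType::kProtectedMedia] = {"*"};
  }
  const ContentSettingsInfo* Get(ContentSettingsType type) const {
    auto it = info_.find(type);
    return it == info_.end() ? nullptr : &it->second;
  }

 private:
  std::map<ContentSettingsType, ContentSettingsInfo> info_;
};

class PermissionServiceModel {
 public:
  PermissionServiceModel(bool is_android, const ContentSettingsRegistry* registry)
      : is_android_(is_android), registry_(registry) {}

  void Grant(ContentSettingsType type, const std::string& origin) {
    grants_.insert(std::make_pair(type, origin));
  }
  bool HasGrant(ContentSettingsType type, const std::string& origin) const {
    return grants_.count(std::make_pair(type, origin)) > 0;
  }

  // Handler for the untrusted ResetPermission message. Validation runs before
  // any registry lookup, so a hostile renderer cannot reach the null read.
  Outcome ResetPermission(uint32_t raw_type, const std::string& origin) {
    // Check 1: value outside the enum. A real service would report a bad
    // message (terminating the renderer); here the reason is only recorded.
    if (raw_type > static_cast<uint32_t>(PermissionType::kMaxValue)) {
      bad_messages_.push_back("permission type out of range");
      return Outcome::kBadMessage;
    }
    const auto type = static_cast<PermissionType>(raw_type);
    // Check 2: protected media requests are only expected on Android.
    if (type == PermissionType::kProtectedMediaIdentifier && !is_android_) {
      bad_messages_.push_back("protected media request on non-Android platform");
      return Outcome::kBadMessage;
    }
    // Check 3: only reset when a content settings type is registered.
    ContentSettingsType cst = ContentSettingsType::kGeolocation;
    if (!ToContentSettingsType(type, &cst) || registry_->Get(cst) == nullptr) {
      return Outcome::kNoRegisteredContentSetting;
    }
    grants_.erase(std::make_pair(cst, origin));
    return Outcome::kOk;
  }

  const std::vector<std::string>& bad_messages() const { return bad_messages_; }

 private:
  static bool ToContentSettingsType(PermissionType type, ContentSettingsType* out) {
    switch (type) {
      case PermissionType::kGeolocation: *out = ContentSettingsType::kGeolocation; return true;
      case PermissionType::kNotifications: *out = ContentSettingsType::kNotifications; return true;
      case PermissionType::kProtectedMediaIdentifier: *out = ContentSettingsType::kProtectedMedia; return true;
      default: return false;
    }
  }

  bool is_android_;
  const ContentSettingsRegistry* registry_;
  std::set<std::pair<ContentSettingsType, std::string>> grants_;
  std::vector<std::string> bad_messages_;
};

int main() {
  ContentSettingsRegistry registry;
  PermissionServiceModel service(/*is_android=*/false, &registry);
  // Constructed sample input: out-of-range, wrong platform, unregistered, valid.
  const uint32_t raw_types[] = {99, 2, 3, 0};
  for (uint32_t raw : raw_types) {
    std::printf("type %u -> outcome %d\n", raw,
                static_cast<int>(service.ResetPermission(raw, "https://a.example")));
  }
  return 0;
}
```

The order of the checks is the point: the range check must precede the cast, the platform check must precede the mapping to a content settings type, and the registry lookup result must be tested before anything reads through it.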
May 10 2018
ClusterFuzz has detected this issue as fixed in range 557449:557450.

Detailed report: https://clusterfuzz.com/testcase?key=5357850025787392
Fuzzer: mojo_fuzzer
Job Type: linux_asan_chrome_mojo
Platform Id: linux
Crash Type: Null-dereference READ
Crash Address: 0x000000000060
Crash State:
  GetPatternsForContentSettingsType
  HostContentSettingsMap::SetContentSettingDefaultScope
  PermissionContextBase::ResetPermission
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_mojo&range=555295:555297
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_mojo&range=557449:557450
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5357850025787392

See https://github.com/google/clusterfuzz-tools for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
May 10 2018
ClusterFuzz testcase 5357850025787392 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, May 3 2018
Labels: Test-Predator-Auto-Components