Null-dereference READ in blink::MouseEventManager::GetDragState
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6323679504629760

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_ubsan_vptr_content_shell_drt
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  blink::MouseEventManager::GetDragState
  blink::MouseEventManager::TryStartDrag
  blink::MouseEventManager::HandleDrag

Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_content_shell_drt&range=527199:527221

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6323679504629760

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
May 16 2018
Automatically adding ccs based on suspected regression changelists:

DevTools: ignore hash in url when searching for associated uiSourceCode by luoe@chromium.org - https://chromium.googlesource.com/chromium/src/+/3b46beb71bae6552e11b09ccba1b0b61ed9709e6

DevTools: deflake interception auth tests by caseq@chromium.org - https://chromium.googlesource.com/chromium/src/+/b387ae77db90142d2bddf9c1aa45cd258e4a6689

Add Lohit Gumurkhi, Garuda to the list of GCS synced linux fonts by drott@chromium.org - https://chromium.googlesource.com/chromium/src/+/79e55b710feeee1d464b50d5ddabb70901cbdff8

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label.
May 17 2018
ClusterFuzz testcase 6323679504629760 appears to be flaky, updating reproducibility label.
May 23 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/2c03b1bd91bfb4ef7e67030eb6c5b857056f8d3c

commit 2c03b1bd91bfb4ef7e67030eb6c5b857056f8d3c
Author: Ella Ge <eirage@chromium.org>
Date: Wed May 23 21:47:12 2018

Check page exist after dispatch dragstart

frame_->GetPage() may be null. Need to check before using GetDragState.
This CL reorders some checks in MouseEventManager::TryStartDrag
to make sure GetPage is valid before starting the drag.

Bug: 843502
Change-Id: Ifdf5b20d7132ca4b089c9a5b7652ebbd41370c33
Reviewed-on: https://chromium-review.googlesource.com/1064878
Commit-Queue: Ella Ge <eirage@chromium.org>
Reviewed-by: Navid Zolghadr <nzolghadr@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Cr-Commit-Position: refs/heads/master@{#561262}

[add] https://crrev.com/2c03b1bd91bfb4ef7e67030eb6c5b857056f8d3c/third_party/WebKit/LayoutTests/fast/events/drag-remove-iframe-crash.html
[add] https://crrev.com/2c03b1bd91bfb4ef7e67030eb6c5b857056f8d3c/third_party/WebKit/LayoutTests/fast/events/resources/drag-inside-iframe.html
[modify] https://crrev.com/2c03b1bd91bfb4ef7e67030eb6c5b857056f8d3c/third_party/blink/renderer/core/input/mouse_event_manager.cc
May 25 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/6bfaed76fc307bc5f336abffba350f459603936d

commit 6bfaed76fc307bc5f336abffba350f459603936d
Author: Trent Apted <tapted@chromium.org>
Date: Fri May 25 07:37:54 2018

Revert "Check page exist after dispatch dragstart"

This reverts commit 2c03b1bd91bfb4ef7e67030eb6c5b857056f8d3c.

Reason for revert: tests fail in https://ci.chromium.org/buildbot/chromium.webkit/WebKit%20Linux%20Trusty%20Leak/19267

leak log like ({"numberOfLiveDocuments":[1,2],"numberOfLiveFrames":[1,2],"numberOfLiveNodes":[4,9],"numberOfLivePausableObjects":[2,3],"numberOfLiveResourceFetchers":[1,2]})

Original change's description:
> Check page exist after dispatch dragstart
>
> frame_->GetPage() may be null. Need to check before using GetDragState.
> This CL reorders some checks in MouseEventManager::TryStartDrag
> to make sure GetPage is valid before starting the drag.
>
> Bug: 843502
> Change-Id: Ifdf5b20d7132ca4b089c9a5b7652ebbd41370c33
> Reviewed-on: https://chromium-review.googlesource.com/1064878
> Commit-Queue: Ella Ge <eirage@chromium.org>
> Reviewed-by: Navid Zolghadr <nzolghadr@chromium.org>
> Reviewed-by: Daniel Cheng <dcheng@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#561262}

TBR=dcheng@chromium.org,nzolghadr@chromium.org,eirage@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: 843502
Change-Id: I9412bbdf67a93acccbe4a75c5b50deee832eac97
Reviewed-on: https://chromium-review.googlesource.com/1072968
Reviewed-by: Trent Apted <tapted@chromium.org>
Commit-Queue: Trent Apted <tapted@chromium.org>
Cr-Commit-Position: refs/heads/master@{#561801}

[delete] https://crrev.com/008cf51f091cbb5299581fcc837d97bd73fb7833/third_party/WebKit/LayoutTests/fast/events/drag-remove-iframe-crash.html
[delete] https://crrev.com/008cf51f091cbb5299581fcc837d97bd73fb7833/third_party/WebKit/LayoutTests/fast/events/resources/drag-inside-iframe.html
[modify] https://crrev.com/6bfaed76fc307bc5f336abffba350f459603936d/third_party/blink/renderer/core/input/mouse_event_manager.cc
May 30 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/67834de480a5df1213673ae5326e03f25a332950

commit 67834de480a5df1213673ae5326e03f25a332950
Author: Ella Ge <eirage@chromium.org>
Date: Wed May 30 19:28:31 2018

Reland "Check page exist after dispatch dragstart"

This is a reland of 2c03b1bd91bfb4ef7e67030eb6c5b857056f8d3c

The CL was reverted because of failures on the leak bot.
However, the leak is not caused by the test or the patch.
Add the exception for the test for further investigation.

Original change's description:
> Check page exist after dispatch dragstart
>
> frame_->GetPage() may be null. Need to check before using GetDragState.
> This CL reorders some checks in MouseEventManager::TryStartDrag
> to make sure GetPage is valid before starting the drag.
>
> Bug: 843502
> Change-Id: Ifdf5b20d7132ca4b089c9a5b7652ebbd41370c33
> Reviewed-on: https://chromium-review.googlesource.com/1064878
> Commit-Queue: Ella Ge <eirage@chromium.org>
> Reviewed-by: Navid Zolghadr <nzolghadr@chromium.org>
> Reviewed-by: Daniel Cheng <dcheng@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#561262}

Bug: 843502
Change-Id: I093da085a84eecf2937d522b762b2feeeb1d7947
Reviewed-on: https://chromium-review.googlesource.com/1079247
Commit-Queue: Ella Ge <eirage@chromium.org>
Reviewed-by: Navid Zolghadr <nzolghadr@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Cr-Commit-Position: refs/heads/master@{#562953}

[modify] https://crrev.com/67834de480a5df1213673ae5326e03f25a332950/third_party/WebKit/LayoutTests/LeakExpectations
[add] https://crrev.com/67834de480a5df1213673ae5326e03f25a332950/third_party/WebKit/LayoutTests/fast/events/drag-remove-iframe-crash.html
[modify] https://crrev.com/67834de480a5df1213673ae5326e03f25a332950/third_party/blink/renderer/core/input/mouse_event_manager.cc
May 30 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/5af8e7eb325d9b21d61ee5a15ae24cd6e047b3a1

commit 5af8e7eb325d9b21d61ee5a15ae24cd6e047b3a1
Author: Adithya Srinivasan <adithyas@chromium.org>
Date: Wed May 30 21:05:21 2018

Revert "Reland "Check page exist after dispatch dragstart""

This reverts commit 67834de480a5df1213673ae5326e03f25a332950.

Reason for revert: Causing failures on WebKit Linux Trusty Leak (https://ci.chromium.org/buildbot/chromium.webkit/WebKit%20Linux%20Trusty%20Leak/19550)

Original change's description:
> Reland "Check page exist after dispatch dragstart"
>
> This is a reland of 2c03b1bd91bfb4ef7e67030eb6c5b857056f8d3c
>
> The CL was reverted because of failures on the leak bot.
> However, the leak is not caused by the test or the patch.
> Add the exception for the test for further investigation.
>
> Original change's description:
> > Check page exist after dispatch dragstart
> >
> > frame_->GetPage() may be null. Need to check before using GetDragState.
> > This CL reorders some checks in MouseEventManager::TryStartDrag
> > to make sure GetPage is valid before starting the drag.
> >
> > Bug: 843502
> > Change-Id: Ifdf5b20d7132ca4b089c9a5b7652ebbd41370c33
> > Reviewed-on: https://chromium-review.googlesource.com/1064878
> > Commit-Queue: Ella Ge <eirage@chromium.org>
> > Reviewed-by: Navid Zolghadr <nzolghadr@chromium.org>
> > Reviewed-by: Daniel Cheng <dcheng@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#561262}
>
> Bug: 843502
> Change-Id: I093da085a84eecf2937d522b762b2feeeb1d7947
> Reviewed-on: https://chromium-review.googlesource.com/1079247
> Commit-Queue: Ella Ge <eirage@chromium.org>
> Reviewed-by: Navid Zolghadr <nzolghadr@chromium.org>
> Reviewed-by: Daniel Cheng <dcheng@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#562953}

TBR=dcheng@chromium.org,nzolghadr@chromium.org,eirage@chromium.org

Change-Id: I5546c2b3469ecbf1ad40cc47ab8437075073abd5
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: 843502
Reviewed-on: https://chromium-review.googlesource.com/1079968
Reviewed-by: Adithya Srinivasan <adithyas@chromium.org>
Commit-Queue: Adithya Srinivasan <adithyas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#562991}

[modify] https://crrev.com/5af8e7eb325d9b21d61ee5a15ae24cd6e047b3a1/third_party/WebKit/LayoutTests/LeakExpectations
[delete] https://crrev.com/18c9afdfdca9ba786f0feed6c14074cc468984b9/third_party/WebKit/LayoutTests/fast/events/drag-remove-iframe-crash.html
[modify] https://crrev.com/5af8e7eb325d9b21d61ee5a15ae24cd6e047b3a1/third_party/blink/renderer/core/input/mouse_event_manager.cc
May 30 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/7367f6b13030dba979d66812be4dcfcbdc0d8386

commit 7367f6b13030dba979d66812be4dcfcbdc0d8386
Author: Ella Ge <eirage@chromium.org>
Date: Wed May 30 21:12:41 2018

Reland "Reland "Check page exist after dispatch dragstart""

This reverts commit 5af8e7eb325d9b21d61ee5a15ae24cd6e047b3a1.

Reason for revert: <INSERT REASONING HERE>

Original change's description:
> Revert "Reland "Check page exist after dispatch dragstart""
>
> This reverts commit 67834de480a5df1213673ae5326e03f25a332950.
>
> Reason for revert: Causing failures on WebKit Linux Trusty Leak (https://ci.chromium.org/buildbot/chromium.webkit/WebKit%20Linux%20Trusty%20Leak/19550)
>
> Original change's description:
> > Reland "Check page exist after dispatch dragstart"
> >
> > This is a reland of 2c03b1bd91bfb4ef7e67030eb6c5b857056f8d3c
> >
> > The CL was reverted because of failures on the leak bot.
> > However, the leak is not caused by the test or the patch.
> > Add the exception for the test for further investigation.
> >
> > Original change's description:
> > > Check page exist after dispatch dragstart
> > >
> > > frame_->GetPage() may be null. Need to check before using GetDragState.
> > > This CL reorders some checks in MouseEventManager::TryStartDrag
> > > to make sure GetPage is valid before starting the drag.
> > >
> > > Bug: 843502
> > > Change-Id: Ifdf5b20d7132ca4b089c9a5b7652ebbd41370c33
> > > Reviewed-on: https://chromium-review.googlesource.com/1064878
> > > Commit-Queue: Ella Ge <eirage@chromium.org>
> > > Reviewed-by: Navid Zolghadr <nzolghadr@chromium.org>
> > > Reviewed-by: Daniel Cheng <dcheng@chromium.org>
> > > Cr-Commit-Position: refs/heads/master@{#561262}
> >
> > Bug: 843502
> > Change-Id: I093da085a84eecf2937d522b762b2feeeb1d7947
> > Reviewed-on: https://chromium-review.googlesource.com/1079247
> > Commit-Queue: Ella Ge <eirage@chromium.org>
> > Reviewed-by: Navid Zolghadr <nzolghadr@chromium.org>
> > Reviewed-by: Daniel Cheng <dcheng@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#562953}
>
> TBR=dcheng@chromium.org,nzolghadr@chromium.org,eirage@chromium.org
>
> Change-Id: I5546c2b3469ecbf1ad40cc47ab8437075073abd5
> No-Presubmit: true
> No-Tree-Checks: true
> No-Try: true
> Bug: 843502
> Reviewed-on: https://chromium-review.googlesource.com/1079968
> Reviewed-by: Adithya Srinivasan <adithyas@chromium.org>
> Commit-Queue: Adithya Srinivasan <adithyas@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#562991}

TBR=dcheng@chromium.org,nzolghadr@chromium.org,adithyas@chromium.org,eirage@chromium.org

Change-Id: I39f2b3b871370c18aa2da4aa6ae6f6c5d6db61d6
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: 843502
Reviewed-on: https://chromium-review.googlesource.com/1079987
Reviewed-by: Ella Ge <eirage@chromium.org>
Commit-Queue: Ella Ge <eirage@chromium.org>
Cr-Commit-Position: refs/heads/master@{#562994}

[modify] https://crrev.com/7367f6b13030dba979d66812be4dcfcbdc0d8386/third_party/WebKit/LayoutTests/LeakExpectations
[add] https://crrev.com/7367f6b13030dba979d66812be4dcfcbdc0d8386/third_party/WebKit/LayoutTests/fast/events/drag-remove-iframe-crash.html
[modify] https://crrev.com/7367f6b13030dba979d66812be4dcfcbdc0d8386/third_party/blink/renderer/core/input/mouse_event_manager.cc
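
The pattern the fix's commit message describes, re-checking that the page still exists after dispatching dragstart and before using it, shown as an added C++ sketch. This is not Chromium's code: `Frame`, `Page`, `DragState`, `Detach`, `on_dragstart` and both `TryStartDrag*` functions are simplified stand-ins, and the handler that detaches its own frame is an assumed scenario suggested by the test name drag-remove-iframe-crash.html.

```cpp
#include <functional>
#include <memory>

// Simplified stand-ins (assumptions), not Blink's real classes.
struct DragState { bool started = false; };
struct Page { DragState drag_state; };

struct Frame {
  std::unique_ptr<Page> page = std::make_unique<Page>();
  std::function<void(Frame&)> on_dragstart;  // models a script event handler
  Page* GetPage() { return page.get(); }     // null once the frame is detached
  void Detach() { page.reset(); }
  bool DispatchDragStart() {  // true: default action not prevented
    if (on_dragstart) on_dragstart(*this);
    return true;
  }
};

// Unchecked shape, kept for comparison only: the page is validated, the
// handler runs, then the page is used again without being re-checked.
bool TryStartDragUnchecked(Frame& frame) {
  if (!frame.GetPage()) return false;
  if (!frame.DispatchDragStart()) return false;
  frame.GetPage()->drag_state.started = true;  // GetPage() may now be null
  return true;
}

// Hardened shape: re-validate GetPage() after dispatch, before any use.
bool TryStartDragChecked(Frame& frame) {
  if (!frame.GetPage()) return false;
  if (!frame.DispatchDragStart()) return false;
  Page* page = frame.GetPage();
  if (!page) return false;  // frame was detached by the handler
  page->drag_state.started = true;
  return true;
}

// Constructed scenario: the handler detaches its own frame during dragstart.
bool DragWithDetachingHandler() {
  Frame frame;
  frame.on_dragstart = [](Frame& f) { f.Detach(); };
  return TryStartDragChecked(frame);
}
// Constructed scenario: the handler leaves the frame attached.
bool DragWithPassiveHandler() {
  Frame frame;
  frame.on_dragstart = [](Frame&) {};
  return TryStartDragChecked(frame) && frame.GetPage()->drag_state.started;
}
```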
Comment 1 by ClusterFuzz, May 16 2018
Labels: Test-Predator-Auto-Components