Heap-use-after-free in blink::MIDIInput::DidReceiveMIDIData
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6006036302135296

Fuzzer: inferno_twister
Job Type: windows_asan_content_shell
Platform Id: windows

Crash Type: Heap-use-after-free READ 1
Crash Address: 0x114526866e00
Crash State:
  blink::MIDIInput::DidReceiveMIDIData
  base::internal::Invoker<base::internal::BindState<void
  base::debug::TaskAnnotator::RunTask

Sanitizer: address (ASAN)

Recommended Security Severity: High

Regressed: https://clusterfuzz.com/revisions?job=windows_asan_content_shell&range=559816:559817

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6006036302135296

Additional requirements: Requires HTTP

Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
May 24 2018
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/fcaed64b595c2ff1c78ad83b0c8212a345cb9d72 (Add a regression test for MIDIOutput.send() with non-zero timestamp). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
May 24 2018
Lowering the severity as this is test only.
May 24 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/20e63a0df5a1181b9b6775d3f4480d07761ef10c

commit 20e63a0df5a1181b9b6775d3f4480d07761ef10c
Author: tzik <tzik@chromium.org>
Date: Thu May 24 06:44:06 2018

Clear a dangling reference from WebMIDIAccessor to MIDIAccessorClient

Implementations of WebMIDIAccessor in //content hold a raw pointer to MIDIAccessorClient; however, the pointer may be invalid between GC marking and its sweeping. This CL removes the pointer by clearing WebMIDIAccessor itself on the context destruction.

Bug: 846182
Change-Id: I857769a34b6c64e48b0540a117b29c94194ed611
Reviewed-on: https://chromium-review.googlesource.com/1071157
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Cr-Commit-Position: refs/heads/master@{#561407}

[modify] https://crrev.com/20e63a0df5a1181b9b6775d3f4480d07761ef10c/third_party/blink/renderer/modules/webmidi/midi_access_initializer.cc
May 24 2018
The description of #c5 seems inaccurate, though the CL itself makes sense, as MIDIAccessInitializer is marked as EAGERLY_FINALIZE, and the MIDIAccessorClient held by MockWebMIDIAccessor is not MIDIAccessInitializer. Preparing another CL for the actual fix.
May 25 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/be0fe705f701725f3c1b8ea5a3602c5121cdd604

commit be0fe705f701725f3c1b8ea5a3602c5121cdd604
Author: tzik <tzik@chromium.org>
Date: Fri May 25 02:32:59 2018

Fix delayed data dispatch on MockWebMIDIAccessor

When MockWebMIDIAccessor works as a loopback device, it delays the data dispatch. However, it passes an expiring buffer when posting the task. That causes a UAF on a layout test.

Bug: 846182
Change-Id: I016da63055fecc7c4d2eeb3f8f7286135b4020a2
Reviewed-on: https://chromium-review.googlesource.com/1071367
Reviewed-by: Yutaka Hirano <yhirano@chromium.org>
Reviewed-by: Kent Tamura <tkent@chromium.org>
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Cr-Commit-Position: refs/heads/master@{#561743}

[modify] https://crrev.com/be0fe705f701725f3c1b8ea5a3602c5121cdd604/content/shell/test_runner/mock_web_midi_accessor.cc
[modify] https://crrev.com/be0fe705f701725f3c1b8ea5a3602c5121cdd604/content/shell/test_runner/mock_web_midi_accessor.h
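The commit above describes the root cause in one sentence: the loopback mock posted a delayed task that still referred to a buffer whose lifetime ended before the task ran. The following is an added illustration of that pattern and its fix, not Chromium's code and not the contents of the CL. `TaskQueue` is a hypothetical stand-in for a delayed task runner, `Client` stands in for the `MIDIAccessorClient` receiver, and the MIDI bytes are constructed sample input. To keep the demonstration well-defined, the "expiring" buffer is reused rather than freed, so the unsafe path delivers the wrong bytes instead of reading freed memory; in the real bug the buffer was freed, which is why ASan reported a heap-use-after-free.

```cpp
// Added example (not Chromium code): a minimal loopback MIDI mock that delays
// dispatch through a task queue, showing why the posted task must own a copy
// of the data rather than borrow the caller's buffer.
#include <cstddef>
#include <cstdint>
#include <deque>
#include <functional>
#include <utility>
#include <vector>

// Hypothetical single-threaded task queue standing in for a delayed task
// runner. Tasks run only in RunUntilIdle(), i.e. after the caller of Post()
// has returned and any buffer it borrowed may already be gone.
class TaskQueue {
 public:
  void Post(std::function<void()> task) { tasks_.push_back(std::move(task)); }
  void RunUntilIdle() {
    while (!tasks_.empty()) {
      std::function<void()> task = std::move(tasks_.front());
      tasks_.pop_front();
      task();
    }
  }

 private:
  std::deque<std::function<void()>> tasks_;
};

// Receiver side, standing in for MIDIAccessorClient::DidReceiveMIDIData.
struct Client {
  std::vector<uint8_t> received;
  void DidReceiveMIDIData(const uint8_t* data, size_t length) {
    received.assign(data, data + length);
  }
};

// Vulnerable pattern: the delayed task captures the caller's pointer and
// length. By the time the task runs, the caller's buffer has been reused
// (here) or freed (in the original bug, where ASan flagged the read).
void SendUnsafe(TaskQueue& queue, Client& client, const uint8_t* data,
                size_t length) {
  queue.Post([&client, data, length] {
    client.DidReceiveMIDIData(data, length);
  });
}

// Hardened pattern: copy the bytes into a container owned by the task itself,
// so the task's data lives exactly as long as the task does.
void SendSafe(TaskQueue& queue, Client& client, const uint8_t* data,
              size_t length) {
  std::vector<uint8_t> copy(data, data + length);
  queue.Post([&client, copy = std::move(copy)] {
    client.DidReceiveMIDIData(copy.data(), copy.size());
  });
}

// Drives one send through a scratch buffer that the sender overwrites after
// posting, which is what an expiring buffer looks like without undefined
// behaviour. Returns the bytes the client finally observed.
std::vector<uint8_t> Deliver(bool safe) {
  TaskQueue queue;
  Client client;
  // Constructed sample message: Note On, channel 1, middle C, velocity 127.
  uint8_t scratch[3] = {0x90, 0x3C, 0x7F};
  if (safe) {
    SendSafe(queue, client, scratch, sizeof(scratch));
  } else {
    SendUnsafe(queue, client, scratch, sizeof(scratch));
  }
  // The sender reuses its buffer for the next message before the delayed
  // task has run: Note Off, channel 1, note 0, velocity 0.
  scratch[0] = 0x80;
  scratch[1] = 0x00;
  scratch[2] = 0x00;
  queue.RunUntilIdle();
  return client.received;
}
```

`Deliver(true)` returns the Note On message that was actually posted; `Deliver(false)` returns the Note Off bytes the sender wrote afterwards, because the task read through the stale pointer. The same ownership rule applies to any callback or task that outlives the call that created it: bind the data by value (or by an owning smart pointer), never by a raw pointer into a buffer controlled by someone else.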
May 25 2018
ClusterFuzz has detected this issue as fixed in range 561739:561744.

Detailed report: https://clusterfuzz.com/testcase?key=6006036302135296

Fuzzer: inferno_twister
Job Type: windows_asan_content_shell
Platform Id: windows

Crash Type: Heap-use-after-free READ 1
Crash Address: 0x114526866e00
Crash State:
  blink::MIDIInput::DidReceiveMIDIData
  base::internal::Invoker<base::internal::BindState<void
  base::debug::TaskAnnotator::RunTask

Sanitizer: address (ASAN)

Recommended Security Severity: High

Regressed: https://clusterfuzz.com/revisions?job=windows_asan_content_shell&range=559816:559817
Fixed: https://clusterfuzz.com/revisions?job=windows_asan_content_shell&range=561739:561744

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6006036302135296

Additional requirements: Requires HTTP

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
May 25 2018
ClusterFuzz testcase 6006036302135296 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Aug 31
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by ClusterFuzz, May 24 2018
Labels: Test-Predator-Auto-Components