Null-dereference READ in software_compositor
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4558193297195008

Fuzzer: inferno_twister
Job Type: linux_lsan_chrome_mp
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000008
Crash State:
  software_compositor
  cc::VideoResourceUpdater::CreateForSoftwarePlanes
  cc::VideoResourceUpdater::CreateExternalResourcesFromVideoFrame

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_lsan_chrome_mp&range=559375:559378

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4558193297195008

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
May 27 2018
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/939341785c4fc716537629347a8357cfdcc8dd1d (Check |frame_sink_destroyed_callback_| before running.). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
May 29 2018
May 30 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/46bdd8014f81ed03bcf28b92cef6b6713e006dc0

commit 46bdd8014f81ed03bcf28b92cef6b6713e006dc0
Author: CJ DiMeglio <lethalantidote@chromium.org>
Date: Wed May 30 20:27:17 2018

Add check for |resource_provider_| initialization.

This CL adds a check to prevent submission before the |resource_provider_| has been initialized. This could happen if we get a signal from VideoFrameCompositor to EnableSubmission before we had ObtainContextProvider return back to us.

Bug: 847065
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2
Change-Id: I8b824273613ef147529c2de077bc78d831edf9eb
Reviewed-on: https://chromium-review.googlesource.com/1077201
Reviewed-by: Justin Novosad <junov@chromium.org>
Commit-Queue: CJ DiMeglio <lethalantidote@chromium.org>
Cr-Commit-Position: refs/heads/master@{#562977}

[modify] https://crrev.com/46bdd8014f81ed03bcf28b92cef6b6713e006dc0/third_party/blink/renderer/platform/graphics/video_frame_submitter.cc
May 30 2018
May 30 2018
Issue 847849 has been merged into this issue.
May 31 2018
ClusterFuzz testcase 4558193297195008 appears to be flaky, updating reproducibility label.
Jun 4 2018
Jun 4 2018
Approved - branch:3440
Jun 4 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/d50fbff59549aebe16165c654daad10702924171

commit d50fbff59549aebe16165c654daad10702924171
Author: CJ DiMeglio <lethalantidote@chromium.org>
Date: Mon Jun 04 23:11:20 2018

Add check for |resource_provider_| initialization.

This CL adds a check to prevent submission before the |resource_provider_| has been initialized. This could happen if we get a signal from VideoFrameCompositor to EnableSubmission before we had ObtainContextProvider return back to us.

Bug: 847065
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2
Change-Id: I8b824273613ef147529c2de077bc78d831edf9eb
Reviewed-on: https://chromium-review.googlesource.com/1077201
Reviewed-by: Justin Novosad <junov@chromium.org>
Commit-Queue: CJ DiMeglio <lethalantidote@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#562977}
(cherry picked from commit 46bdd8014f81ed03bcf28b92cef6b6713e006dc0)
Reviewed-on: https://chromium-review.googlesource.com/1086248
Reviewed-by: CJ DiMeglio <lethalantidote@chromium.org>
Cr-Commit-Position: refs/branch-heads/3440@{#176}
Cr-Branched-From: 010ddcfda246975d194964ccf20038ebbdec6084-refs/heads/master@{#561733}

[modify] https://crrev.com/d50fbff59549aebe16165c654daad10702924171/third_party/blink/renderer/platform/graphics/video_frame_submitter.cc
Comment 1 by ClusterFuzz, May 27 2018
Labels: Test-Predator-Auto-Components