Null-dereference READ in blink::WebPluginContainerImpl::EnqueueMessageEvent
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5112262701088768

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_asan_content_shell_drt
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  blink::WebPluginContainerImpl::EnqueueMessageEvent
  content::MessageChannel::PostMessageToJavaScriptImpl
  content::MessageChannel::DrainJSMessageQueue

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=563062:563065

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5112262701088768

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
May 31 2018
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/14eeb1d5b6369a4fefa57973bf6b646469f72e35 (Migrate fullscreen to use top layer.). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
May 31 2018
I cannot reproduce this. Tried exact build, build built locally at the change, high iteration count and a ToT build. Rerunning the job on clusterfuzz to see if this is reproducible there.
Jun 1 2018
Jun 1 2018
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/269321e37911fc1bdcc27c4bb311637fdf6fc995

commit 269321e37911fc1bdcc27c4bb311637fdf6fc995
Author: Dave Tapuska <dtapuska@chromium.org>
Date: Fri Jun 01 02:55:00 2018

Add some CHECKs to debug null derfef.

Add a few checks to debug a null-deref on clusterfuzz.

BUG= 848264

Change-Id: If2569d972888e51224fcd4ddab834aaf1bb65d99
Reviewed-on: https://chromium-review.googlesource.com/1081203
Reviewed-by: David Bokan <bokan@chromium.org>
Commit-Queue: Dave Tapuska <dtapuska@chromium.org>
Cr-Commit-Position: refs/heads/master@{#563504}

[modify] https://crrev.com/269321e37911fc1bdcc27c4bb311637fdf6fc995/third_party/blink/renderer/core/exported/web_plugin_container_impl.cc
Jun 1 2018
ClusterFuzz has detected this issue as fixed in range 563501:563502.

Detailed report: https://clusterfuzz.com/testcase?key=5112262701088768

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_asan_content_shell_drt
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  blink::WebPluginContainerImpl::EnqueueMessageEvent
  content::MessageChannel::PostMessageToJavaScriptImpl
  content::MessageChannel::DrainJSMessageQueue

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=563062:563065
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=563501:563502

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5112262701088768

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jun 1 2018
ClusterFuzz testcase 5112262701088768 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Jun 1 2018
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/b16c163ced8a3dd8ea8cfcf25eac42e48ad9513b

commit b16c163ced8a3dd8ea8cfcf25eac42e48ad9513b
Author: Dave Tapuska <dtapuska@chromium.org>
Date: Fri Jun 01 13:13:26 2018

Revert "Add some CHECKs to debug null derfef."

This reverts commit 269321e37911fc1bdcc27c4bb311637fdf6fc995.

Reason for revert: Clusterfuzz no longer believes this is an issue.

Original change's description:
> Add some CHECKs to debug null derfef.
>
> Add a few checks to debug a null-deref on clusterfuzz.
>
> BUG= 848264
>
> Change-Id: If2569d972888e51224fcd4ddab834aaf1bb65d99
> Reviewed-on: https://chromium-review.googlesource.com/1081203
> Reviewed-by: David Bokan <bokan@chromium.org>
> Commit-Queue: Dave Tapuska <dtapuska@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#563504}

TBR=bokan@chromium.org,dtapuska@chromium.org

Change-Id: I8c45c2e1dfb3ff148028e9cb7de9a3ee9ce037dc
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: 848264
Reviewed-on: https://chromium-review.googlesource.com/1082452
Reviewed-by: Dave Tapuska <dtapuska@chromium.org>
Commit-Queue: Dave Tapuska <dtapuska@chromium.org>
Cr-Commit-Position: refs/heads/master@{#563604}

[modify] https://crrev.com/b16c163ced8a3dd8ea8cfcf25eac42e48ad9513b/third_party/blink/renderer/core/exported/web_plugin_container_impl.cc
Jun 4 2018
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/154859c26e051f2c5868e068120515cd095a8f00

commit 154859c26e051f2c5868e068120515cd095a8f00
Author: Dave Tapuska <dtapuska@chromium.org>
Date: Mon Jun 04 14:36:50 2018

Reland "Add some CHECKs to debug null derfef."

This is a reland of 269321e37911fc1bdcc27c4bb311637fdf6fc995

Original change's description:
> Add some CHECKs to debug null derfef.
>
> Add a few checks to debug a null-deref on clusterfuzz.
>
> BUG= 848264
>
> Change-Id: If2569d972888e51224fcd4ddab834aaf1bb65d99
> Reviewed-on: https://chromium-review.googlesource.com/1081203
> Reviewed-by: David Bokan <bokan@chromium.org>
> Commit-Queue: Dave Tapuska <dtapuska@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#563504}

Bug: 848264
Change-Id: I38911e15ead406203028a74930c74bf0bd1dcbfd
Reviewed-on: https://chromium-review.googlesource.com/1084908
Reviewed-by: David Bokan <bokan@chromium.org>
Commit-Queue: Dave Tapuska <dtapuska@chromium.org>
Cr-Commit-Position: refs/heads/master@{#564085}

[modify] https://crrev.com/154859c26e051f2c5868e068120515cd095a8f00/third_party/blink/renderer/core/exported/web_plugin_container_impl.cc
Comment 1 by ClusterFuzz, May 31 2018
Labels: Test-Predator-Auto-Components