Issue 848714

Issue metadata

Status: Fixed
Owner:
Closed: Jun 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug



CHECK failure: element_->GetExecutionContext() in web_plugin_container_impl.cc

Project Member Reported by ClusterFuzz, Jun 1 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6175043365896192

Fuzzer: mbarbella_js_mutation_layout
Job Type: linux_ubsan_vptr_content_shell_drt
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  element_->GetExecutionContext() in web_plugin_container_impl.cc
  blink::WebPluginContainerImpl::EnqueueMessageEvent
  content::MessageChannel::PostMessageToJavaScriptImpl
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_content_shell_drt&range=563560:563561

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6175043365896192

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.

Comment 1 by ClusterFuzz (Project Member), Jun 1 2018

Components: Blink Internals>Plugins>Pepper
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Components: -Blink

Comment 3 by ClusterFuzz (Project Member), Jun 2 2018

Labels: -Reproducible Unreproducible
ClusterFuzz testcase 6175043365896192 appears to be flaky, updating reproducibility label.
Cc: brajkumar@chromium.org
Labels: Test-Predator-Wrong
Owner: dtapu...@chromium.org
Status: Assigned (was: Untriaged)
By comparing the crash state, this issue looks similar to bug 849079, hence assigning to the same owner for more updates.

dtapuska@ Could you please take a look into this issue?

Thanks!

Comment 5 by bugdroid1@chromium.org (Project Member), Jun 5 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/4c46847e0c993273613514c9964f33e52812423c

commit 4c46847e0c993273613514c9964f33e52812423c
Author: Dave Tapuska <dtapuska@chromium.org>
Date: Tue Jun 05 16:18:14 2018

Don't dispatch an event on an empty execution context.

Based on the timing it appears we are occasionally crashing while dispatching
an event for an execution context that has disappeared.

BUG=848714

Change-Id: I57c7ff3e095ea6be5fae48b4fd8af57d72917385
Reviewed-on: https://chromium-review.googlesource.com/1087030
Reviewed-by: David Bokan <bokan@chromium.org>
Commit-Queue: Dave Tapuska <dtapuska@chromium.org>
Cr-Commit-Position: refs/heads/master@{#564528}
[modify] https://crrev.com/4c46847e0c993273613514c9964f33e52812423c/third_party/blink/renderer/core/exported/web_plugin_container_impl.cc

Status: Fixed (was: Assigned)