
Issue 852642 link

Starred by 1 user

Issue metadata

Status: Duplicate
Owner:
Closed: Jun 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Mac
Pri: 1
Type: Bug-Regression




Null-dereference READ in media::VideoResourceUpdater::CreateForSoftwarePlanes

Reported by ClusterFuzz (Project Member), Jun 14 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6658530770419712

Fuzzer: inferno_flicker
Job Type: linux_msan_chrome
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000008
Crash State:
  media::VideoResourceUpdater::CreateForSoftwarePlanes
  media::VideoResourceUpdater::CreateExternalResourcesFromVideoFrame
  media::VideoResourceUpdater::ObtainFrameResources
  
Sanitizer: memory (MSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_msan_chrome&range=567059:567060

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6658530770419712

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.

Comment 1 by ClusterFuzz (Project Member), Jun 14 2018

Labels: OS-Windows OS-Mac

Comment 2 by ClusterFuzz (Project Member), Jun 14 2018

Components: Internals>Media
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Comment 3 by ClusterFuzz (Project Member), Jun 14 2018

Labels: Test-Predator-Auto-Owner
Owner: wangxianzhu@chromium.org
Status: Assigned (was: Untriaged)
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/1a22af9fa3e43595d05540d0048a526425359824 ([PE] Another method to avoid DCHECK when printing repeating fixed-position objects).

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Labels: Test-Predator-Wrong-CLs
Owner: ----
Status: Untriaged (was: Assigned)
Cc: brajkumar@chromium.org
Labels: -Type-Bug M-69 Type-Bug-Regression
Owner: kylec...@chromium.org
Status: Assigned (was: Untriaged)
Predator and CL could not provide any possible suspects.

Using Code Search for the file "video_resource_updater.cc", I suspect the CL below might have caused this issue.

Suspect CL: https://chromium.googlesource.com/chromium/src/+/df9e9205a243d3636eacf55f57445601896fcb22%5E%21/cc/resources/video_resource_updater.cc

kylechar@ -- Could you please check whether this was caused by your change? If not, please help us assign it to the right owner.

Thanks!
Cc: kylec...@chromium.org
Owner: lethalantidote@chromium.org
That CL doesn't change any code. It looks like it's related to UseSurfaceLayerForVideo though.

Comment 7 by ClusterFuzz (Project Member), Jun 14 2018

Labels: Fuzz-Blocker ReleaseBlock-Beta
This crash occurs very frequently on the Mac platform and is likely preventing the fuzzer inferno_flicker from making much progress. Fixing this will allow more bugs to be found.

Marking this bug as a blocker for next Beta release.

If this is incorrect, please add ClusterFuzz-Wrong label and remove the ReleaseBlock-Beta label.
Cc: mlamouri@chromium.org

Comment 9 by ClusterFuzz (Project Member), Jun 15 2018

Labels: -Reproducible Unreproducible
ClusterFuzz testcase 6658530770419712 appears to be flaky, updating reproducibility label.
The M69 branch is coming soon, on July 19th. Your bug is marked as ReleaseBlock-Beta for M69. Please try to land the fix to trunk ASAP in order to prevent many merges after the M69 branch point. This will also help us branch M69 from a high-quality trunk. Thank you.


Mergedinto: 855051
Status: Duplicate (was: Assigned)
The stack is similar to bug 855051 so I'm going to dup this.
