Issue metadata
Null-dereference READ in ProfileChooserView::CreateCurrentProfileView
Issue description
Detailed report: https://clusterfuzz.com/testcase?key=5738256583622656
Fuzzer: bj_broddelwerk
Job Type: linux_asan_chrome_mp
Platform Id: linux
Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  ProfileChooserView::CreateCurrentProfileView
  ProfileChooserView::CreateProfileChooserView
  ProfileChooserView::ShowView
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_mp&range=570225:570238
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5738256583622656
Additional requirements: Requires Gestures
Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
Jun 28 2018
Predator and CL could not provide any possible suspects. Using code search for the file “profile_chooser_view.cc”, assigning to the concerned owner from git blame. Suspecting commit https://chromium.googlesource.com/chromium/src/+/7821d1cbb73cdaee70f4e4d013fa62a3ce345cd7 @droger -- Could you please look into this issue? Kindly reassign if it has nothing to do with your changes. Thank you.
Jun 28 2018
Tentatively assigning to tangltom, assuming he's familiar with that code. I don't think it's related to my CL, unless somehow browser()->profile() changes during the execution of the function. I don't think that's possible, but maybe Thomas could confirm.
Jun 28 2018
Thomas: is it possible that we're trying to create this view for a profile that has been deleted?
Jun 29 2018
This should not be the case, because the ProfileChooserView belongs to a browser and a browser belongs to a profile.
Jun 29 2018
It's reproducible (with ClusterFuzz), but we have no idea how this test case can actually happen with a real user. Apparently, the user menu gets opened while in Incognito mode. This should not be possible and therefore leads to unexpected behavior (in this case a crash).
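The comment above describes the failure shape: a menu builder written for a regular profile is reached from an Incognito window and reads through state that does not exist there. The sketch below is an added illustration, not Chromium code and not the fix that closed this bug; `Profile`, `Browser`, the `account_name` field and both `CreateCurrentProfileView*` functions are hypothetical stand-ins for the classes named in the crash stack. It contrasts the unconditional dereference that produces a null READ with a guarded version that refuses to build the view for an off-the-record profile and never dereferences optional state unchecked.

```cpp
#include <memory>
#include <string>

// Hypothetical model (added example, not Chromium's classes). A regular
// profile carries account info; in this model an Incognito profile does not,
// so the pointer is null there.
struct Profile {
  bool is_off_the_record = false;              // true for Incognito
  std::unique_ptr<std::string> account_name;   // null for Incognito in this model
};

struct Browser {
  const Profile* profile = nullptr;  // non-owning; assumed non-null in normal use
};

// Crashing shape: assumes a regular profile and reads through a pointer that
// is null for an off-the-record profile (the null-dereference READ).
std::string CreateCurrentProfileViewUnchecked(const Browser& browser) {
  return "Signed in as " + *browser.profile->account_name;
}

// Hardened shape: refuse to build the view when the menu must not be shown,
// and check optional state before dereferencing it. Returns false when no
// view should be created, so the caller (ShowView in the stack) can bail out.
bool CreateCurrentProfileViewChecked(const Browser& browser, std::string* out) {
  const Profile* profile = browser.profile;
  if (profile == nullptr || profile->is_off_the_record) {
    return false;  // Incognito (or no profile): do not open the user menu
  }
  if (!profile->account_name) {
    *out = "Not signed in";  // regular profile without account info
    return true;
  }
  *out = "Signed in as " + *profile->account_name;
  return true;
}

// Helpers building the two profile kinds used below.
Profile MakeRegularProfile(const std::string& account) {
  Profile p;
  p.account_name = std::make_unique<std::string>(account);
  return p;
}

Profile MakeIncognitoProfile() {
  Profile p;
  p.is_off_the_record = true;
  return p;
}

int main() {
  Profile regular = MakeRegularProfile("alice");
  Profile incognito = MakeIncognitoProfile();
  std::string view;
  bool ok_regular = CreateCurrentProfileViewChecked(Browser{&regular}, &view);
  bool ok_incognito = CreateCurrentProfileViewChecked(Browser{&incognito}, &view);
  // CreateCurrentProfileViewUnchecked(Browser{&incognito}) would crash with a
  // null-dereference READ, the behavior ASan reported for this bug.
  return (ok_regular && !ok_incognito) ? 0 : 1;
}
```

The point of the guarded version is that the decision not to show the menu is made where the view is built, so a wrong call site (here, a gesture-driven path reaching the menu from an Incognito window) fails closed instead of crashing; the sanitizer-found crash is the symptom, and the missing precondition check is what to fix.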
Jul 11
ClusterFuzz has detected this issue as fixed in range 573652:573654.
Detailed report: https://clusterfuzz.com/testcase?key=5738256583622656
Fuzzer: bj_broddelwerk
Job Type: linux_asan_chrome_mp
Platform Id: linux
Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  ProfileChooserView::CreateCurrentProfileView
  ProfileChooserView::CreateProfileChooserView
  ProfileChooserView::ShowView
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_mp&range=570225:570238
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_mp&range=573652:573654
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5738256583622656
Additional requirements: Requires Gestures
See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jul 11
ClusterFuzz testcase 5738256583622656 is verified as fixed, so closing issue as verified. If this is incorrect, please add the ClusterFuzz-Wrong label and re-open the issue.
Jul 13
Probably a duplicate of bug 863154
Jul 13
Comment 1 by ClusterFuzz, Jun 27 2018
Labels: Test-Predator-Auto-Components