Issue 859107 link

Starred by 2 users

Issue metadata

Status:	WontFix
Owner:	yukishiino@chromium.org
Closed:	Jul 13
Cc:	yukishiino@chromium.org lfg@chromium.org
Components:	Blink>Bindings
EstimatedDays:	----
NextAction:	----
OS:	Linux
Pri:	2
Type:	Bug
Stability-Crash Clusterfuzz Unreproducible Stability-UndefinedBehaviorSanitizer Test-Predator-Auto-Components

Null-dereference READ in blink::ScriptState::From

Project Member Reported by ClusterFuzz, Jun 29 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5643180838748160

Fuzzer: lcamtuf_cross_fuzz
Job Type: linux_cfi_chrome
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  blink::ScriptState::From
  blink::CallbackInterfaceBase::CallbackInterfaceBase
  blink::V8EntryCallback::V8EntryCallback
  
Sanitizer: cfi (CFI)

Regressed: https://clusterfuzz.com/revisions?job=linux_cfi_chrome&range=570924:570982

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5643180838748160

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.

Project Member

Comment 1 by ClusterFuzz, Jun 29 2018

Components: Blink>Bindings
Labels: Test-Predator-Auto-Components

Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Comment 2 by raphael....@intel.com, Jun 30 2018

Cc: yukishiino@chromium.org

Tentatively cc'ing yukishiino due to the callback part of the backtrace.

Comment 3 by kkaluri@chromium.org, Jul 3

Components: Blink>JavaScript

Comment 4 by peria@chromium.org, Jul 4

Owner: yukishiino@chromium.org
Status: Available (was: Untriaged)

Project Member

Comment 5 by ClusterFuzz, Jul 4

Labels: -Reproducible Unreproducible

ClusterFuzz testcase 5643180838748160 appears to be flaky, updating reproducibility label.

Comment 6 by yukishiino@chromium.org, Jul 11

Components: -Blink>JavaScript
Labels: -Pri-1 Pri-2
Status: Assigned (was: Available)

Not reproducible on ToT.

Project Member

Comment 7 by ClusterFuzz, Jul 13

Status: WontFix (was: Assigned)

ClusterFuzz testcase 5643180838748160 is flaky and no longer crashes, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

►

Issue 859107 link

Issue metadata

Null-dereference READ in blink::ScriptState::From

Issue description

Comment 1 by ClusterFuzz, Jun 29 2018

Comment 1 Deleted

Comment 2 by raphael....@intel.com, Jun 30 2018

Comment 2 Deleted

Comment 3 by kkaluri@chromium.org, Jul 3

Comment 3 Deleted

Comment 4 by peria@chromium.org, Jul 4

Comment 4 Deleted

Comment 5 by ClusterFuzz, Jul 4

Comment 5 Deleted

Comment 6 by yukishiino@chromium.org, Jul 11

Comment 6 Deleted

Comment 7 by ClusterFuzz, Jul 13

Comment 7 Deleted

Sign in to add a comment