New issue
Advanced search Search tips

Issue 859223 link

Starred by 1 user

Issue metadata

Status: Verified
Owner:
Closed: Jul 4
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 2
Type: Bug



Sign in to add a comment

Null-dereference READ in media::VideoResourceUpdater::CreateExternalResourcesFromVideoFrame

Project Member Reported by ClusterFuzz, Jun 29 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5705366663593984

Fuzzer: inferno_canvas_wrecker
Job Type: mac_asan_chrome
Platform Id: mac

Crash Type: Null-dereference READ
Crash Address: 0x000000000008
Crash State:
  media::VideoResourceUpdater::CreateExternalResourcesFromVideoFrame
  blink::VideoFrameResourceProvider::AppendQuads
  blink::VideoFrameSubmitter::SubmitFrame
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=525711:525746

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5705366663593984

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
 
Project Member

Comment 1 by ClusterFuzz, Jun 29 2018

Components: Blink>Paint Internals>Media
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Cc: kkaluri@chromium.org
Labels: M-68 Test-Predator-Wrong CF-NeedsTriage
Unable to find actual suspect through code search and also observing no CL's under regression range, hence adding appropriate label and requesting someone from Dev team to look in to this issue.

Thanks!
Components: -Blink>Paint -Internals>Media Internals>Media>Codecs
Labels: -Pri-1 Pri-2
Null reads are P2.
Owner: lethalantidote@chromium.org
Status: Available (was: Untriaged)
Cc: liber...@chromium.org
Status: Assigned (was: Available)
Cc: mlamouri@chromium.org
The regression range is from December and the crash seems to only affect Beta and Stable according to ClusterFuzz. Probably a WontFix as we are not shipping with Beta/Stable.
Project Member

Comment 7 by ClusterFuzz, Jul 3

Labels: -Reproducible Unreproducible
ClusterFuzz testcase 5705366663593984 appears to be flaky, updating reproducibility label.
Project Member

Comment 8 by ClusterFuzz, Jul 4

ClusterFuzz has detected this issue as fixed in range 572492:572493.

Detailed report: https://clusterfuzz.com/testcase?key=5705366663593984

Fuzzer: inferno_canvas_wrecker
Job Type: mac_asan_chrome
Platform Id: mac

Crash Type: Null-dereference READ
Crash Address: 0x000000000008
Crash State:
  media::VideoResourceUpdater::CreateExternalResourcesFromVideoFrame
  blink::VideoFrameResourceProvider::AppendQuads
  blink::VideoFrameSubmitter::SubmitFrame
  
Sanitizer: address (ASAN)

Fixed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=572492:572493

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5705366663593984

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 9 by ClusterFuzz, Jul 4

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 5705366663593984 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Sign in to add a comment