Null-dereference READ in blink::FlatTreeTraversalNg::TraverseParent
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5038778713112576

Fuzzer: marty_html_twiddler
Job Type: linux_ubsan_vptr_content_shell_drt
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  blink::FlatTreeTraversalNg::TraverseParent
  blink::LayoutSelection::Commit
  blink::LayoutView::CommitPendingSelection

Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_content_shell_drt&range=577113:577114

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5038778713112576

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Jul 23
Automatically applying components based on crash stacktrace and information from OWNERS files. If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Jul 23
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/5d3212dab69f0b09168daaf14e3634e0a9d5ae62 (Stabilize LayoutSelection). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Jul 24
Jul 30
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/387d96762692aa943bef66e2753b39fc2167c8c2

commit 387d96762692aa943bef66e2753b39fc2167c8c2
Author: James Cook <jamescook@chromium.org>
Date: Mon Jul 30 15:51:27 2018

cros: Remove lock state methods from ash::ShellPort

We no longer have mash vs. classic configs in ash, and there's only one implementation of ShellPort. As a step towards eliminating ShellPort, remove the lock state methods from it.

Bug: 866425
Test: ash_unittests
Change-Id: I8c02c89b62ef43a1f14727e0baae79d07ed3c4b5
Reviewed-on: https://chromium-review.googlesource.com/1153844
Reviewed-by: Michael Wasserman <msw@chromium.org>
Commit-Queue: James Cook <jamescook@chromium.org>
Cr-Commit-Position: refs/heads/master@{#579049}

[modify] https://crrev.com/387d96762692aa943bef66e2753b39fc2167c8c2/ash/shelf/shelf_layout_manager.cc
[modify] https://crrev.com/387d96762692aa943bef66e2753b39fc2167c8c2/ash/shelf/shelf_locking_manager.cc
[modify] https://crrev.com/387d96762692aa943bef66e2753b39fc2167c8c2/ash/shell_port.cc
[modify] https://crrev.com/387d96762692aa943bef66e2753b39fc2167c8c2/ash/shell_port.h
[modify] https://crrev.com/387d96762692aa943bef66e2753b39fc2167c8c2/ash/system/power/power_button_controller.cc
[modify] https://crrev.com/387d96762692aa943bef66e2753b39fc2167c8c2/ash/wm/lock_state_controller.cc
[modify] https://crrev.com/387d96762692aa943bef66e2753b39fc2167c8c2/ash/wm/lock_state_controller.h
Sep 13
ClusterFuzz has detected this issue as fixed in range 590633:590634.

Detailed report: https://clusterfuzz.com/testcase?key=5038778713112576

Fuzzer: marty_html_twiddler
Job Type: linux_ubsan_vptr_content_shell_drt
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  blink::FlatTreeTraversalNg::TraverseParent
  blink::LayoutSelection::Commit
  blink::LayoutView::CommitPendingSelection

Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_content_shell_drt&range=577113:577114
Fixed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_content_shell_drt&range=590633:590634

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5038778713112576

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 1 by ClusterFuzz, Jul 23