New issue
Advanced search Search tips

Issue 869239 link

Starred by 1 user
Status: Fixed
Owner:
rakina@chromium.org
Closed: Sep 25
Cc:
pnangunoori@chromium.org
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 3
Type: Bug



Sign in to add a comment

Null-dereference READ in blink::WebDocument::IsPluginDocument

Project Member Reported by ClusterFuzz, Jul 31 
Detailed report: https://clusterfuzz.com/testcase?key=5119353130057728

Fuzzer: marty_html_twiddler
Job Type: linux_asan_chrome_mp
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  blink::WebDocument::IsPluginDocument
  blink::FindInPage::GetWebPluginForFind
  blink::FindInPage::StopFinding
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_mp&range=579020:579022

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5119353130057728

Additional requirements: Requires Gestures

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.

Comment 1 by pnangunoori@chromium.org, Jul 31

Cc: pnangunoori@chromium.org
Labels: Test-Predator-Wrong M-70
Owner: rakina@chromium.org
Status: Assigned (was: Untriaged)
Predator and CL could not provide any possible suspects.
Using the code search for the file, “find_in_page.cc” assigning to owner concerned from GIT blame.
Suspecting Commit#
https://chromium.googlesource.com/chromium/src/+/0ac91e13c4ee1096afd1f2ba4b81c2e837719190
https://chromium.googlesource.com/chromium/src/+/8ebb380eaa05dce29283707df86679f5768f2c85

@rakina -- Could you please look into this issue, kindly reassign if it has nothing to do with your changes.
Thank You.

Comment 2 by rakina@chromium.org, Aug 1

Labels: -Pri-1 Pri-3

Comment 3 by rakina@chromium.org, Sep 25

Status: Fixed (was: Assigned)
I think this is fixed along with crbug.com/875767.
Project Member

Comment 4 by ClusterFuzz, Oct 2

Labels: Needs-Feedback
ClusterFuzz testcase 5119353130057728 is still reproducing on tip-of-tree build (trunk).

Please re-test your fix against this testcase and if the fix was incorrect or incomplete, please re-open the bug. Otherwise, ignore this notification and add ClusterFuzz-Wrong label.

Sign in to add a comment