Null-dereference READ in cc::Layer::SetIsDrawable
Issue description
Detailed report: https://clusterfuzz.com/testcase?key=5780706320711680
Fuzzer: ochang_media_mutator
Job Type: linux_asan_chrome_media
Platform Id: linux
Crash Type: Null-dereference READ
Crash Address: 0x0000000000cc
Crash State:
  cc::Layer::SetIsDrawable
  blink::PictureInPictureInterstitial::Show
  blink::HTMLVideoElement::OnEnteredPictureInPicture
Sanitizer: address (ASAN)
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5780706320711680
Additional requirements: Requires Gestures
Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
Aug 28
Aug 30
Predator and CL could not provide any possible suspects. Using Code Search for the file "picture_in_picture_interstitial.cc", I suspect the CL below might have caused this issue. Suspect CL: https://chromium.googlesource.com/chromium/src/+/8d204a47e52eba9b79de87c8df23c3c3c0d70327 danakj@ -- Could you please check whether this is caused by your change? If not, please help us assign it to the right owner. Thanks!
Sep 4
PictureInPictureInterstitial::Show is using a null cc::Layer? Assigning there.
Sep 21
ClusterFuzz has detected this issue as fixed in range 592979:592980.
Detailed report: https://clusterfuzz.com/testcase?key=5780706320711680
Fuzzer: ochang_media_mutator
Job Type: linux_asan_chrome_media
Platform Id: linux
Crash Type: Null-dereference READ
Crash Address: 0x0000000000cc
Crash State:
  cc::Layer::SetIsDrawable
  blink::PictureInPictureInterstitial::Show
  blink::HTMLVideoElement::OnEnteredPictureInPicture
Sanitizer: address (ASAN)
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_media&range=592979:592980
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5780706320711680
Additional requirements: Requires Gestures
See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Sep 21
ClusterFuzz testcase 5780706320711680 is verified as fixed, so closing issue as verified. If this is incorrect, please add the ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by dtapu...@chromium.org, Aug 24