Null-dereference READ in chrome |
|||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=6380441763053568 Fuzzer: inferno_twister Job Type: linux_cfi_chrome Platform Id: linux Crash Type: Null-dereference READ Crash Address: 0x000000000010 Crash State: chrome blink::WebLocalFrameImpl::LocalRoot blink::WebLocalFrameImpl::LocalRootFrameWidget Sanitizer: cfi (CFI) Regressed: https://clusterfuzz.com/revisions?job=linux_cfi_chrome&range=582536:582538 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6380441763053568 Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
,
Aug 14
Predator and CL could not provide any possible suspects. Using Code Search for the file, "core/frame/web_local_frame_impl.cc" suspecting the below Cl might have caused this issue Suspect CL: https://chromium.googlesource.com/chromium/src/+/02a177efe6b2aa5f042064aa981003ee6c2ef996 dcheng@ -- Could you please check whether this is caused with respect to your change, if not please help us in assigning it to the right owner. Thanks!
,
Aug 14
kenrb, do you mind looking at this one? I don't have an immediate theory on what's going on--we're in the middle of update style, where script should be forbidden, but maybe the frame is detached somehow?
,
Aug 14
ClusterFuzz testcase 6380441763053568 appears to be flaky, updating reproducibility label.
,
Aug 19
Issue 875582 looks related as well.
,
Aug 28
ClusterFuzz testcase 6380441763053568 is flaky and no longer crashes, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue. |
|||||
►
Sign in to add a comment |
|||||
Comment 1 by ClusterFuzz
, Aug 13Labels: Test-Predator-Auto-Components