Issue 875494

Issue metadata

Status: Verified
Owner:
Closed: Aug 24
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Android , Windows , Chrome , Mac , Fuchsia
Pri: 1
Type: Bug-Security




heap-buffer-overflow in [@ SkDashPath::InternalFilter]

Project Member Reported by awhalley@google.com, Aug 17

Issue description

Bug details copied from https://bugzilla.mozilla.org/show_bug.cgi?id=1483120 where it was reported by Tyson Smith (twsmith@mozilla.com)

testcase attached

==81806==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x603000408388 at pc 0x7f0f9a7ef6c9 bp 0x7ffe5a065370 sp 0x7ffe5a065368
READ of size 4 at 0x603000408388 thread T0 (file:// Content)
    #0 0x7f0f9a7ef6c8 in SkDashPath::InternalFilter(SkPath*, SkPath const&, SkStrokeRec*, SkRect const*, float const*, int, float, int, float, SkDashPath::StrokeRecApplication) src/gfx/skia/skia/src/utils/SkDashPath.cpp:378:31
    #1 0x7f0f9a1fee50 in SkDashImpl::filterPath(SkPath*, SkPath const&, SkStrokeRec*, SkRect const*) const src/gfx/skia/skia/src/effects/SkDashPathEffect.cpp:40:12
    #2 0x7f0f9a8b90a6 in SkPaint::getFillPath(SkPath const&, SkPath*, SkRect const*, float) const src/gfx/skia/skia/src/core/SkPaint.cpp:1498:37
    #3 0x7f0f9a4ceab3 in SkDraw::drawPath(SkPath const&, SkPaint const&, SkMatrix const*, bool, bool, SkBlitter*, SkInitOnceData*) const src/gfx/skia/skia/src/core/SkDraw.cpp:1120:25
    #4 0x7f0f9a4cc1dd in drawPath src/gfx/skia/skia/src/core/SkDraw.h:58:15
    #5 0x7f0f9a4cc1dd in draw_rect_as_path(SkDraw const&, SkRect const&, SkPaint const&, SkMatrix const*) src/gfx/skia/skia/src/core/SkDraw.cpp:735
    #6 0x7f0f9a4cb525 in SkDraw::drawRect(SkRect const&, SkPaint const&, SkMatrix const*, SkRect const*) const src/gfx/skia/skia/src/core/SkDraw.cpp:762:9
    #7 0x7f0f9a18bc4d in drawRect src/gfx/skia/skia/src/core/SkDraw.h:44:15
    #8 0x7f0f9a18bc4d in SkBitmapDevice::drawRect(SkRect const&, SkPaint const&) src/gfx/skia/skia/src/core/SkBitmapDevice.cpp:296
    #9 0x7f0f9a1bd641 in SkCanvas::onDrawRect(SkRect const&, SkPaint const&) src/gfx/skia/skia/src/core/SkCanvas.cpp:2041:27
    #10 0x7f0f9a1b4c2c in SkCanvas::drawRect(SkRect const&, SkPaint const&) src/gfx/skia/skia/src/core/SkCanvas.cpp:1712:11
    #11 0x7f0f907ff4f2 in mozilla::gfx::DrawTargetSkia::StrokeRect(mozilla::gfx::RectTyped<mozilla::gfx::UnknownUnits, float> const&, mozilla::gfx::Pattern const&, mozilla::gfx::StrokeOptions const&, mozilla::gfx::DrawOptions const&) src/gfx/2d/DrawTargetSkia.cpp:936:12
    #12 0x7f0f94f666ce in mozilla::dom::CanvasRenderingContext2D::StrokeRect(double, double, double, double) src/dom/canvas/CanvasRenderingContext2D.cpp:3151:5
    #13 0x7f0f9367320d in mozilla::dom::CanvasRenderingContext2D_Binding::strokeRect(JSContext*, JS::Handle<JSObject*>, mozilla::dom::CanvasRenderingContext2D*, JSJitMethodCallArgs const&) src/obj-firefox/dom/bindings/CanvasRenderingContext2DBinding.cpp:5476:9
    #14 0x7f0f94e24759 in bool mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::NormalThisPolicy, mozilla::dom::binding_detail::ThrowExceptions>(JSContext*, unsigned int, JS::Value*) src/dom/bindings/BindingUtils.cpp:3311:13
    #15 0x7f0f9c0a1b0e in CallJSNative src/js/src/vm/Interpreter.cpp:445:15
    #16 0x7f0f9c0a1b0e in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) src/js/src/vm/Interpreter.cpp:533
    #17 0x7f0f9c08c3f7 in CallFromStack src/js/src/vm/Interpreter.cpp:590:12
    #18 0x7f0f9c08c3f7 in Interpret(JSContext*, js::RunState&) src/js/src/vm/Interpreter.cpp:3239
    #19 0x7f0f9c07280e in js::RunScript(JSContext*, js::RunState&) src/js/src/vm/Interpreter.cpp:425:12
    #20 0x7f0f9c0a23e4 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) src/js/src/vm/Interpreter.cpp:557:15
    #21 0x7f0f9c0a3972 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) src/js/src/vm/Interpreter.cpp:603:10
    #22 0x7f0f9cb26b4a in JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) src/js/src/jsapi.cpp:2915:12
    #23 0x7f0f944297fe in mozilla::dom::EventListener::HandleEvent(JSContext*, JS::Handle<JS::Value>, mozilla::dom::Event&, mozilla::ErrorResult&) src/obj-firefox/dom/bindings/EventListenerBinding.cpp:51:8
    #24 0x7f0f9569983e in HandleEvent<mozilla::dom::EventTarget *> src/obj-firefox/dist/include/mozilla/dom/EventListenerBinding.h:66:12
    #25 0x7f0f9569983e in mozilla::EventListenerManager::HandleEventSubType(mozilla::EventListenerManager::Listener*, mozilla::dom::Event*, mozilla::dom::EventTarget*) src/dom/events/EventListenerManager.cpp:1108
    #26 0x7f0f9569b9c6 in mozilla::EventListenerManager::HandleEventInternal(nsPresContext*, mozilla::WidgetEvent*, mozilla::dom::Event**, mozilla::dom::EventTarget*, nsEventStatus*, bool) src/dom/events/EventListenerManager.cpp:1342:20
    #27 0x7f0f9567f5c9 in HandleEvent src/obj-firefox/dist/include/mozilla/EventListenerManager.h:390:5
    #28 0x7f0f9567f5c9 in mozilla::EventTargetChainItem::HandleEvent(mozilla::EventChainPostVisitor&, mozilla::ELMCreationDetector&) src/dom/events/EventDispatcher.cpp:418
    #29 0x7f0f9567d883 in mozilla::EventTargetChainItem::HandleEventTargetChain(nsTArray<mozilla::EventTargetChainItem>&, mozilla::EventChainPostVisitor&, mozilla::EventDispatchingCallback*, mozilla::ELMCreationDetector&) src/dom/events/EventDispatcher.cpp:635:16
    #30 0x7f0f956840de in mozilla::EventDispatcher::Dispatch(nsISupports*, nsPresContext*, mozilla::WidgetEvent*, mozilla::dom::Event*, nsEventStatus*, mozilla::EventDispatchingCallback*, nsTArray<mozilla::dom::EventTarget*>*) src/dom/events/EventDispatcher.cpp:1110:9
    #31 0x7f0f98284f7f in nsDocumentViewer::LoadComplete(nsresult) src/layout/base/nsDocumentViewer.cpp:1169:7
    #32 0x7f0f9aff7a4c in nsDocShell::EndPageLoad(nsIWebProgress*, nsIChannel*, nsresult) src/docshell/base/nsDocShell.cpp:7054:21
    #33 0x7f0f9aff262a in nsDocShell::OnStateChange(nsIWebProgress*, nsIRequest*, unsigned int, nsresult) src/docshell/base/nsDocShell.cpp:6847:7
    #34 0x7f0f9affc207 in non-virtual thunk to nsDocShell::OnStateChange(nsIWebProgress*, nsIRequest*, unsigned int, nsresult) src/docshell/base/nsDocShell.cpp
    #35 0x7f0f905ca365 in nsDocLoader::DoFireOnStateChange(nsIWebProgress*, nsIRequest*, int&, nsresult) src/uriloader/base/nsDocLoader.cpp:1309:3
    #36 0x7f0f905c8f8c in nsDocLoader::doStopDocumentLoad(nsIRequest*, nsresult) src/uriloader/base/nsDocLoader.cpp:852:14
    #37 0x7f0f905c4a91 in nsDocLoader::DocLoaderIsEmpty(bool) src/uriloader/base/nsDocLoader.cpp:741:9
    #38 0x7f0f905c7578 in nsDocLoader::OnStopRequest(nsIRequest*, nsISupports*, nsresult) src/uriloader/base/nsDocLoader.cpp:627:5
    #39 0x7f0f905c8ab4 in non-virtual thunk to nsDocLoader::OnStopRequest(nsIRequest*, nsISupports*, nsresult) src/uriloader/base/nsDocLoader.cpp
    #40 0x7f0f8e0db467 in mozilla::net::nsLoadGroup::RemoveRequest(nsIRequest*, nsISupports*, nsresult) src/netwerk/base/nsLoadGroup.cpp:629:28
    #41 0x7f0f91e84c27 in DoUnblockOnload src/dom/base/nsDocument.cpp:8301:18
    #42 0x7f0f91e84c27 in nsDocument::UnblockOnload(bool) src/dom/base/nsDocument.cpp:8223
    #43 0x7f0f91e6168d in nsIDocument::DispatchContentLoadedEvents() src/dom/base/nsDocument.cpp:5095:3
    #44 0x7f0f91f232cb in applyImpl<nsIDocument, void (nsIDocument::*)()> src/obj-firefox/dist/include/nsThreadUtils.h:1168:12
    #45 0x7f0f91f232cb in apply<nsIDocument, void (nsIDocument::*)()> src/obj-firefox/dist/include/nsThreadUtils.h:1174
    #46 0x7f0f91f232cb in mozilla::detail::RunnableMethodImpl<nsIDocument*, void (nsIDocument::*)(), true, (mozilla::RunnableKind)0>::Run() src/obj-firefox/dist/include/nsThreadUtils.h:1219
    #47 0x7f0f8de37062 in mozilla::SchedulerGroup::Runnable::Run() src/xpcom/threads/SchedulerGroup.cpp:337:32
    #48 0x7f0f8de74420 in nsThread::ProcessNextEvent(bool, bool*) src/xpcom/threads/nsThread.cpp:1235:14
    #49 0x7f0f8de7d185 in NS_ProcessNextEvent(nsIThread*, bool) src/xpcom/threads/nsThreadUtils.cpp:519:10
    #50 0x7f0f8f052f1e in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) src/ipc/glue/MessagePump.cpp:97:21
    #51 0x7f0f8ef5520c in RunInternal src/ipc/chromium/src/base/message_loop.cc:325:10
    #52 0x7f0f8ef5520c in RunHandler src/ipc/chromium/src/base/message_loop.cc:318
    #53 0x7f0f8ef5520c in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:298
    #54 0x7f0f97a191a6 in nsBaseAppShell::Run() src/widget/nsBaseAppShell.cpp:158:27
    #55 0x7f0f9bd79e8e in XRE_RunAppShell() src/toolkit/xre/nsEmbedFunctions.cpp:940:22
    #56 0x7f0f8ef5520c in RunInternal src/ipc/chromium/src/base/message_loop.cc:325:10
    #57 0x7f0f8ef5520c in RunHandler src/ipc/chromium/src/base/message_loop.cc:318
    #58 0x7f0f8ef5520c in MessageLoop::Run() src/ipc/chromium/src/base/message_loop.cc:298
    #59 0x7f0f9bd78f42 in XRE_InitChildProcess(int, char**, XREChildData const*) src/toolkit/xre/nsEmbedFunctions.cpp:766:34
    #60 0x4f5b11 in content_process_main src/browser/app/../../ipc/contentproc/plugin-container.cpp:50:30
    #61 0x4f5b11 in main src/browser/app/nsBrowserApp.cpp:287
    #62 0x7f0fb38a282f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291
    #63 0x424ee8 in _start (firefox+0x424ee8)

0x603000408388 is located 0 bytes to the right of 24-byte region [0x603000408370,0x603000408388)
allocated by thread T0 (file:// Content) here:
    #0 0x4c5633 in malloc /builds/worker/workspace/moz-toolchain/src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:88:3
    #1 0x51a34d in moz_xmalloc src/memory/mozalloc/mozalloc.cpp:70:17
    #2 0x7f0f9a201473 in sk_malloc_throw src/gfx/skia/skia/include/private/SkMalloc.h:59:12
    #3 0x7f0f9a201473 in SkDashImpl src/gfx/skia/skia/src/effects/SkDashPathEffect.cpp:23
    #4 0x7f0f9a201473 in SkDashPathEffect::Make(float const*, int, float) src/gfx/skia/skia/src/effects/SkDashPathEffect.cpp:397
    #5 0x7f0f907fe3e5 in mozilla::gfx::StrokeOptionsToPaint(SkPaint&, mozilla::gfx::StrokeOptions const&) src/gfx/2d/HelpersSkia.h:156:32
    #6 0x7f0f907ff470 in mozilla::gfx::DrawTargetSkia::StrokeRect(mozilla::gfx::RectTyped<mozilla::gfx::UnknownUnits, float> const&, mozilla::gfx::Pattern const&, mozilla::gfx::StrokeOptions const&, mozilla::gfx::DrawOptions const&) src/gfx/2d/DrawTargetSkia.cpp:932:8
    #7 0x7f0f94f666ce in mozilla::dom::CanvasRenderingContext2D::StrokeRect(double, double, double, double) src/dom/canvas/CanvasRenderingContext2D.cpp:3151:5
    #8 0x7f0f9367320d in mozilla::dom::CanvasRenderingContext2D_Binding::strokeRect(JSContext*, JS::Handle<JSObject*>, mozilla::dom::CanvasRenderingContext2D*, JSJitMethodCallArgs const&) src/obj-firefox/dom/bindings/CanvasRenderingContext2DBinding.cpp:5476:9
    #9 0x7f0f94e24759 in bool mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::NormalThisPolicy, mozilla::dom::binding_detail::ThrowExceptions>(JSContext*, unsigned int, JS::Value*) src/dom/bindings/BindingUtils.cpp:3311:13
    #10 0x7f0f9c0a1b0e in CallJSNative src/js/src/vm/Interpreter.cpp:445:15
    #11 0x7f0f9c0a1b0e in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) src/js/src/vm/Interpreter.cpp:533
    #12 0x7f0f9c08c3f7 in CallFromStack src/js/src/vm/Interpreter.cpp:590:12
    #13 0x7f0f9c08c3f7 in Interpret(JSContext*, js::RunState&) src/js/src/vm/Interpreter.cpp:3239
    #14 0x7f0f9c07280e in js::RunScript(JSContext*, js::RunState&) src/js/src/vm/Interpreter.cpp:425:12
    #15 0x7f0f9c0a23e4 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) src/js/src/vm/Interpreter.cpp:557:15
    #16 0x7f0f9c0a3972 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) src/js/src/vm/Interpreter.cpp:603:10
    #17 0x7f0f9cb26b4a in JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) src/js/src/jsapi.cpp:2915:12
    #18 0x7f0f944297fe in mozilla::dom::EventListener::HandleEvent(JSContext*, JS::Handle<JS::Value>, mozilla::dom::Event&, mozilla::ErrorResult&) src/obj-firefox/dom/bindings/EventListenerBinding.cpp:51:8
    #19 0x7f0f9569983e in HandleEvent<mozilla::dom::EventTarget *> src/obj-firefox/dist/include/mozilla/dom/EventListenerBinding.h:66:12
    #20 0x7f0f9569983e in mozilla::EventListenerManager::HandleEventSubType(mozilla::EventListenerManager::Listener*, mozilla::dom::Event*, mozilla::dom::EventTarget*) src/dom/events/EventListenerManager.cpp:1108
    #21 0x7f0f9569b9c6 in mozilla::EventListenerManager::HandleEventInternal(nsPresContext*, mozilla::WidgetEvent*, mozilla::dom::Event**, mozilla::dom::EventTarget*, nsEventStatus*, bool) src/dom/events/EventListenerManager.cpp:1342:20
    #22 0x7f0f9567f5c9 in HandleEvent src/obj-firefox/dist/include/mozilla/EventListenerManager.h:390:5
    #23 0x7f0f9567f5c9 in mozilla::EventTargetChainItem::HandleEvent(mozilla::EventChainPostVisitor&, mozilla::ELMCreationDetector&) src/dom/events/EventDispatcher.cpp:418
    #24 0x7f0f9567d883 in mozilla::EventTargetChainItem::HandleEventTargetChain(nsTArray<mozilla::EventTargetChainItem>&, mozilla::EventChainPostVisitor&, mozilla::EventDispatchingCallback*, mozilla::ELMCreationDetector&) src/dom/events/EventDispatcher.cpp:635:16
    #25 0x7f0f956840de in mozilla::EventDispatcher::Dispatch(nsISupports*, nsPresContext*, mozilla::WidgetEvent*, mozilla::dom::Event*, nsEventStatus*, mozilla::EventDispatchingCallback*, nsTArray<mozilla::dom::EventTarget*>*) src/dom/events/EventDispatcher.cpp:1110:9
 
testcase.html (281 bytes)

Comment 1 by ClusterFuzz, Aug 17

ClusterFuzz is analyzing your testcase. Developers can follow the progress at https://clusterfuzz.com/testcase?key=6632314315210752.
from: Lee Salzman: lsalzman@mozilla.com

sum SkDashPath intervals instead of subtracting

The problem here is that endPhase is a really big number, such that due to floating point imprecision subtracting a small non-zero number from it can still yield the exact same number, i.e. ReallyBigNumber - Epsilon == ReallyBigNumber.

We know that endPhase will start as a value less than intervalLength, but due to the above-mentioned problem, it may never hit 0 via subtraction.

intervalLength is calculated as a sum of all the intervals here: https://dxr.mozilla.org/mozilla-central/source/gfx/skia/skia/src/utils/SkDashPath.cpp?q=SkDashPath%3A%3ACalcDashParameters&redirect_type=direct#39

So to fix this, we need to sum the intervals until they exceed endPhase, which ensures that they are summed in the same order as intervalLength and will eventually get there given that endPhase is within bounds.
diff.patch (1.9 KB)
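The rounding failure Lee Salzman describes, and the two ways to close it (summing the intervals in the same order as intervalLength, as his fix does, and bounding the index so the loop can never read past the array, as the later Skia commit does), as an added C++ illustration. This is not Skia's or Mozilla's code; the six-entry interval array, the endPhase value and the function names are constructed for the demonstration, and the array length matches the 24-byte region in the ASan report.

```cpp
// Added illustration (not Skia's code): how a large endPhase defeats the
// subtractive interval search, and two ways to make the search safe.
#include <cassert>
#include <cstdio>

// Single-precision arithmetic forced through memory so the result is rounded
// to float even on targets that evaluate in extended precision (x87).
static float subF(float a, float b) {
    volatile float r = a - b;
    return r;
}
static float addF(float a, float b) {
    volatile float r = a + b;
    return r;
}

// Lee Salzman's observation: for a big enough x, x - eps == x in float.
bool subtractionIsLost(float big, float eps) {
    return subF(big, eps) == big;
}

// Running sum in array order, the way intervalLength is computed from the
// dash intervals (one rounding per addition).
float sumIntervals(const float* intervals, int count) {
    float len = 0.0f;
    for (int i = 0; i < count; ++i) {
        len = addF(len, intervals[i]);
    }
    return len;
}

// Models the original search: peel intervals off endPhase until it no longer
// exceeds the current interval. Returns the interval index, or -1 when the
// index reaches count, which is the point where an unguarded loop would read
// intervals[count] (the 4-byte read just past the 24-byte allocation in the
// ASan report). The bounds check is the defensive guard; the original loop
// only asserted here.
int findIntervalBySubtraction(const float* intervals, int count, float endPhase) {
    int index = 0;
    while (endPhase > intervals[index]) {
        endPhase = subF(endPhase, intervals[index]);
        ++index;
        if (index == count) {
            return -1;  // ran off the end: the overflow condition
        }
    }
    return index;
}

// Summing approach (after Lee Salzman's description): accumulate the intervals
// in the same order used for intervalLength and stop at the first prefix sum
// that reaches endPhase. Because endPhase < intervalLength and the roundings
// are identical, the loop stops at or before the last interval.
int findIntervalBySum(const float* intervals, int count, float endPhase) {
    float sum = 0.0f;
    for (int i = 0; i < count; ++i) {
        sum = addF(sum, intervals[i]);
        if (sum >= endPhase) {
            return i;
        }
    }
    return count - 1;  // not reached when endPhase < sumIntervals(...)
}

// Constructed sample input: six intervals (a 24-byte float array, as in the
// report). Five 1-unit gaps followed by one huge gap just above 2^24, where
// the float spacing is 2 and a +/-1 step is rounded away.
const int   kCount = 6;
const float kIntervals[kCount] = {1.0f, 1.0f, 1.0f, 1.0f, 1.0f, 16777218.0f};
// A phase below intervalLength (16777224) that subtraction cannot reduce:
// 16777222 - 1 rounds to 16777220, and 16777220 - 1 rounds back to 16777220,
// so every small interval is "exceeded" and then so is the big one.
const float kEndPhase = 16777222.0f;

int main() {
    float len = sumIntervals(kIntervals, kCount);
    std::printf("intervalLength = %.0f, endPhase = %.0f (%s)\n", len, kEndPhase,
                kEndPhase < len ? "in range" : "out of range");
    std::printf("subtractive search: %d (-1 = would overrun the array)\n",
                findIntervalBySubtraction(kIntervals, kCount, kEndPhase));
    std::printf("summing search:     %d\n",
                findIntervalBySum(kIntervals, kCount, kEndPhase));
    return 0;
}
```

Both searches agree on ordinary inputs (try endPhase 2.5: both return index 2); they only diverge once endPhase is large enough that the per-step rounding differs from the rounding that produced intervalLength, which is exactly the case the testcase drove the browser into.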
Components: Internals>Skia
Mozilla are fixing downstream.
Labels: M-68 Security_Impact-Stable Security_Severity-Critical OS-Android OS-Chrome OS-Fuchsia OS-Linux OS-Mac OS-Windows
Owner: hcm@google.com
Status: Assigned (was: Unconfirmed)
Assigning to hcm as per https://chromium.googlesource.com/chromium/src/+/master/docs/security/sheriff.md suggestion for skia bugs.

awhalley: I was unsure whether this was a high or critical, assigning critical out of an abundance of caution, feel free to lower the severity if appropriate.
Cc: kjlubick@chromium.org reed@chromium.org
Labels: -Security_Severity-Critical Security_Severity-High

Comment 7 by sheriffbot@chromium.org, Aug 18

Labels: Pri-1
Cc: -reed@chromium.org hcm@chromium.org
Owner: reed@google.com
Assign to reed@ to see if we can add further checks in Skia's code
Note that Mozilla will be shipping a fix in a 62 beta this week:

https://hg.mozilla.org/integration/mozilla-inbound/rev/54934de382c5

Comment 10 by bugdroid1@chromium.org, Aug 23

The following revision refers to this bug:
  https://skia.googlesource.com/skia/+/4c6514490e966198af427ec4df050470e55653a8

commit 4c6514490e966198af427ec4df050470e55653a8
Author: Mike Reed <reed@google.com>
Date: Thu Aug 23 17:13:28 2018

fix dashimpl underflow

Previous impl would assert (and read past legal memory) for the new test.

Bug: skia: 8274
Bug:  875494 
Change-Id: I2a2e20085d54d611151a9e20ae9cebf33c511329
Reviewed-on: https://skia-review.googlesource.com/148940
Commit-Queue: Mike Reed <reed@google.com>
Reviewed-by: Mike Klein <mtklein@google.com>

[modify] https://crrev.com/4c6514490e966198af427ec4df050470e55653a8/src/utils/SkDashPath.cpp
[modify] https://crrev.com/4c6514490e966198af427ec4df050470e55653a8/tests/DashPathEffectTest.cpp


Comment 11 by bugdroid1@chromium.org, Aug 23

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/159d78c6ad47048b9320255e136057afca3e4143

commit 159d78c6ad47048b9320255e136057afca3e4143
Author: skia-chromium-autoroll <skia-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Date: Thu Aug 23 18:43:59 2018

Roll src/third_party/skia 9db44ed0ef7f..4c6514490e96 (7 commits)

https://skia.googlesource.com/skia.git/+log/9db44ed0ef7f..4c6514490e96


git log 9db44ed0ef7f..4c6514490e96 --date=short --no-merges --format='%ad %ae %s'
2018-08-23 reed@google.com fix dashimpl underflow
2018-08-23 mtklein@google.com fix clamp_0/clamp_1 stages in lowp
2018-08-23 fmalita@chromium.org [skottie] Improved text rendering
2018-08-23 angle-skia-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com Roll third_party/externals/angle2 9259fd0d4f4c..c40974417610 (1 commits)
2018-08-23 robertphillips@google.com Add GPU-side caching of mask-filtered path masks (take 2)
2018-08-23 bsalomon@google.com Try again to fix leak of SkSL parser map when built standalone
2018-08-23 robertphillips@google.com Add 0-blur-sigma check to directFilterMaskGPU


Created with:
  gclient setdep -r src/third_party/skia@4c6514490e96

The AutoRoll server is located here: https://autoroll.skia.org

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, please contact the current sheriff, who should
be CC'd on the roll, and stop the roller if necessary.

CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel;luci.chromium.try:android_optional_gpu_tests_rel;luci.chromium.try:linux_optional_gpu_tests_rel;luci.chromium.try:mac_optional_gpu_tests_rel;luci.chromium.try:win_optional_gpu_tests_rel

BUG= chromium:875494 
TBR=fmalita@chromium.org

Change-Id: I14937f931974c643045181bd29f7ab477fc4fc00
Reviewed-on: https://chromium-review.googlesource.com/1187202
Reviewed-by: skia-chromium-autoroll <skia-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Commit-Queue: skia-chromium-autoroll <skia-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#585561}
[modify] https://crrev.com/159d78c6ad47048b9320255e136057afca3e4143/DEPS


Comment 12 by ClusterFuzz, Aug 24

ClusterFuzz has detected this issue as fixed in range 585560:585561.

Detailed report: https://clusterfuzz.com/testcase?key=6632314315210752

Job Type: linux_asan_chrome_mp
Platform Id: linux

Crash Type: Heap-buffer-overflow READ 4
Crash Address: 0x60a00012a1f8
Crash State:
  SkDashPath::InternalFilter
  SkDashImpl::onFilterPath
  SkPathEffect::filterPath
  
Sanitizer: address (ASAN)

Recommended Security Severity: Medium

Fixed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_mp&range=585560:585561

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6632314315210752

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 13 by ClusterFuzz, Aug 24

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 6632314315210752 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Comment 14 by sheriffbot@chromium.org, Aug 24

Labels: -Restrict-View-SecurityTeam Restrict-View-SecurityNotify
Labels: -M-68 Release-0-M70 M-70

Comment 16 by sheriffbot@chromium.org, Oct 26

Labels: Merge-Request-71

Comment 17 by sheriffbot@chromium.org, Oct 26

Labels: -Merge-Request-71 Hotlist-Merge-Review Merge-Review-71
This bug requires manual review: DEPS changes referenced in bugdroid comments.
Please contact the milestone owner if you have questions.
Owners: benmason@(Android), kariahda@(iOS), kbleicher@(ChromeOS), govind@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Labels: -Hotlist-Merge-Review -Merge-Review-71
(Already in 71)

Comment 19 by sheriffbot@chromium.org, Nov 30

Labels: -Restrict-View-SecurityNotify allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
