Null-dereference READ in payments::mojom::PaymentRequestClientProxy::OnCanMakePayment |
|||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=4979734430351360 Fuzzer: mojo_fuzzer Job Type: linux_asan_chrome_mojo Platform Id: linux Crash Type: Null-dereference READ Crash Address: 0x000000000008 Crash State: payments::mojom::PaymentRequestClientProxy::OnCanMakePayment payments::PaymentRequest::CanMakePaymentCallback payments::PaymentRequest::CanMakePayment Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_mojo&range=587406:587417 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4979734430351360 Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
,
Aug 31
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/abbe7c9042d2f5eb43711f02db6f6a2253cb7ad8 ([OnionSoup] Move payment_{app,request}.mojom into blink/public/mojom/). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
,
Sep 1
Looks like client_ (mojom::PaymentRequestClientPtr) is null at https://cs.chromium.org/chromium/src/components/payments/content/payment_request.cc?rcl=7ee20e1529fe601a619fc1ce3b843dbfde5b4dde&l=441 I checked around my CL again, it's a mechanical movement of mojom files and does not have any substantial changes regarding behavior, I have no idea for now so I'd like to unassign myself first, then payment experts can take a look at this issue so that it can be solved ASAP. Thanks.
,
Sep 2
Thank you for the great triage! I can take care of this. (Need to null-check the |client| before using it.)
,
Dec 15
ClusterFuzz has detected this issue as fixed in range 616819:616829. Detailed report: https://clusterfuzz.com/testcase?key=4979734430351360 Fuzzer: mojo_fuzzer Job Type: linux_asan_chrome_mojo Platform Id: linux Crash Type: Null-dereference READ Crash Address: 0x000000000008 Crash State: payments::mojom::PaymentRequestClientProxy::OnCanMakePayment payments::PaymentRequest::CanMakePaymentCallback payments::PaymentRequest::CanMakePayment Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_mojo&range=587406:587417 Fixed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_mojo&range=616819:616829 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4979734430351360 See https://github.com/google/clusterfuzz-tools for instructions to reproduce this bug locally. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Dec 15
ClusterFuzz testcase 4979734430351360 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue. |
|||||
►
Sign in to add a comment |
|||||
Comment 1 by ClusterFuzz
, Aug 31Labels: Test-Predator-Auto-Components