New issue
Advanced search Search tips

Issue 892913 link

Starred by 2 users
Status: Untriaged
Owner: ----
Cc:
jochen@chromium.org
kkaluri@chromium.org
jbroman@chromium.org
haraken@chromium.org
thakis@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 1
Type: Bug



Sign in to add a comment

Null-dereference READ in pthread_key_init_np

Project Member Reported by ClusterFuzz, Oct 6 
Detailed report: https://clusterfuzz.com/testcase?key=5689644640108544

Fuzzer: libFuzzer_content_security_policy_fuzzer
Job Type: mac_libfuzzer_chrome_asan
Platform Id: mac

Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  pthread_key_init_np
  blink::ThreadState::Current
  unsigned char* blink::ThreadHeap::Allocate<blink::ContentSecurityPolicy>
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=mac_libfuzzer_chrome_asan&range=547202:547312

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5689644640108544

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Project Member

Comment 1 by ClusterFuzz, Oct 6

Components: Blink>Internals Blink>MemoryAllocator>GarbageCollection
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Project Member

Comment 2 by ClusterFuzz, Oct 6

Cc: jbroman@chromium.org
Labels: ClusterFuzz-Auto-CC
Automatically adding ccs based on OWNERS file / target commit history.

If this is incorrect, please add ClusterFuzz-Wrong label.

Comment 3 by kkaluri@chromium.org, Oct 8

Cc: kkaluri@chromium.org
Labels: M-70 CF-NeedsTriage Test-Predator-Wrong
Unable to find actual suspect through code search and also observing no CL's under regression range, hence adding appropriate label and requesting someone from dev team to look in to this issue.

Thanks!

Comment 4 by manoranj...@chromium.org, Oct 12

Cc: haraken@chromium.org jochen@chromium.org thakis@chromium.org
Adding couple of code 'Owners' (https://cs.chromium.org/chromium/src/third_party/blink/renderer/platform/wtf/OWNERS?type=cs&q=third_party/blink/renderer/platform/wtf/&sq=package:chromium&g=0) related to this specific change.

Comment 5 by manoranj...@chromium.org, Oct 12

Labels: -CF-NeedsTriage
Project Member

Comment 6 by ClusterFuzz, Dec 1

Labels: -Reproducible Unreproducible
ClusterFuzz testcase 5689644640108544 appears to be flaky, updating reproducibility label.

Comment 7 by infe...@chromium.org, Dec 1

Labels: -Unreproducible Reproducible
Please ignore the last comment about testcase being unreproducible. The testcase is still reproducible. This happened due to a code refactoring on ClusterFuzz side, and the underlying root cause is now fixed. Resetting the label back to Reproducible. Sorry about the inconvenience caused from these incorrect notifications.

Comment 8 by infe...@chromium.org, Dec 1

Labels: -Unreproducible Reproducible
Please ignore the last comment about testcase being unreproducible. The testcase is still reproducible. This happened due to a code refactoring on ClusterFuzz side, and the underlying root cause is now fixed. Resetting the label back to Reproducible. Sorry about the inconvenience caused from these incorrect notifications.

Sign in to add a comment