Null-dereference READ in __CFStringDeallocate
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5694423360602112

Fuzzer: inferno_twister_c
Job Type: mac_asan_chrome
Platform Id: mac

Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  __CFStringDeallocate
  CFRelease
  TCharStreamCFAttrString::~TCharStreamCFAttrString

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=599383:599384

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5694423360602112

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Nov 22
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/d776debf67053c5d588e7cb824986f4d9defd9b5 (Updating XTBs based on .GRDs from branch master). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Nov 22
CL listed at #2 is CL created by automatic translation run. +nyerramilli@ & ajha@, could you ptal and reassign to right owner?
Nov 23
Unable to find actual suspect through code search and also observing no CLs under regression range, hence adding appropriate label and requesting someone from dev team to look into this issue. Thanks!
Nov 26
Cannot reproduce this (Mac OS High Sierra) on master (as of yesterday). Telling clusterfuzz to redo the task.
Nov 26
Seems to be very flaky. Anything we can do here, drott?
Nov 26
This is now fixed, because we're not using hb-coretext anymore with HarfBuzz AAT shaping. See issue 894354.
Dec 3
ClusterFuzz testcase 5694423360602112 is still reproducing on tip-of-tree build (trunk). Please re-test your fix against this testcase and if the fix was incorrect or incomplete, please re-open the bug. Otherwise, ignore this notification and add ClusterFuzz-Wrong label.
Dec 3
hb-coretext is not built anymore, ClusterFuzz reports a stack trace that contains signatures from hb-coretext. https://cs.chromium.org/chromium/src/third_party/harfbuzz-ng/BUILD.gn?q=harfbuzz+build.gn&sq=package:chromium&dr=C&l=238 Adding ClusterFuzz-Wrong label.
Comment 1 by ClusterFuzz, Nov 22
Labels: Test-Predator-Auto-Components