Null-dereference READ in blink::Internals::hitTestCount
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4768182918971392

Fuzzer: ochang_domfuzzer
Job Type: linux_msan_content_shell_drt
Platform Id: linux
Crash Type: Null-dereference READ
Crash Address: 0x000000000148
Crash State:
  blink::Internals::hitTestCount
  blink::V8Internals::HitTestCountMethodCallback
  v8::internal::FunctionCallbackArguments::Call
Sanitizer: memory (MSAN)

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4768182918971392

Issue filed automatically.

See https://www.chromium.org/developers/testing/memorysanitizer#TOC-Reproducing-ClusterFuzz-Bugs for more information.
Dec 17
to CF sheriff
Dec 18
This fails on the blink side, in a method that looks like an internal testing API. Updating component and adding rbyers@ who added this API in 6f2469c8c876f1aa3933a4c63c4ec48309d4720d.
Dec 19
Not a real issue since this is code that doesn't ship. However, it's just a missing null-check - I'll put up a CL shortly.
Dec 19
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/1f8c82118ff5027aa70127df59497c5c4cb25835

commit 1f8c82118ff5027aa70127df59497c5c4cb25835
Author: David Bokan <bokan@chromium.org>
Date: Wed Dec 19 15:38:10 2018

Null-check internals.hitTestCount

Bug: 912421
Change-Id: I9bba7f46ab7c46953ceb24be0137405744dff657
Reviewed-on: https://chromium-review.googlesource.com/c/1384136
Commit-Queue: David Bokan <bokan@chromium.org>
Commit-Queue: Dave Tapuska <dtapuska@chromium.org>
Reviewed-by: Dave Tapuska <dtapuska@chromium.org>
Cr-Commit-Position: refs/heads/master@{#617842}

[modify] https://crrev.com/1f8c82118ff5027aa70127df59497c5c4cb25835/third_party/blink/renderer/core/testing/internals.cc
Dec 19
Dec 20
ClusterFuzz has detected this issue as fixed in range 617841:617842.

Detailed report: https://clusterfuzz.com/testcase?key=4768182918971392

Fuzzer: ochang_domfuzzer
Job Type: linux_msan_content_shell_drt
Platform Id: linux
Crash Type: Null-dereference READ
Crash Address: 0x000000000148
Crash State:
  blink::Internals::hitTestCount
  blink::V8Internals::HitTestCountMethodCallback
  v8::internal::FunctionCallbackArguments::Call
Sanitizer: memory (MSAN)

Fixed: https://clusterfuzz.com/revisions?job=linux_msan_content_shell_drt&range=617841:617842

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4768182918971392

See https://www.chromium.org/developers/testing/memorysanitizer#TOC-Reproducing-ClusterFuzz-Bugs for instructions to reproduce this bug locally.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Dec 20
ClusterFuzz testcase 4768182918971392 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by kkaluri@chromium.org, Dec 13