CHECK failure: first_party_url_initialized_ in appcache_host.cc
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4593609204301824

Fuzzer: libFuzzer_appcache_fuzzer
Fuzz target binary: appcache_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  first_party_url_initialized_ in appcache_host.cc
  content::AppCacheHost::SelectCache
  content::AppCacheBackendImpl::SelectCache

Sanitizer: address (ASAN)

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4593609204301824

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for instructions to reproduce this bug locally.

Note: This crash might not be reproducible with the provided testcase. That said, for the past 14 days we've been seeing this crash frequently. If you are unable to reproduce this, please try a speculative fix based on the crash stacktrace in the report. The fix can be verified by looking at the crash statistics in the report, a day after the fix is deployed. We will auto-close the bug if the crash is not seen for 14 days.
Dec 26
Automatically adding ccs based on OWNERS file / target commit history. If this is incorrect, please add ClusterFuzz-Wrong label.
Jan 2
(for background) this is the same as (some of) the clusterfuzz bugs that were merged into 843797; in that bug I fixed the non-clusterfuzz case that the bug started with, but I had no idea if that fix would also help for all the various clusterfuzz bugs that just happened to hit the same DCHECK. And I'm not surprised that apparently they didn't.
Jan 11
mek@: Can you please continue the investigation here?
Jan 12
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/3cd9c072cec9cef3357ac2d7cf95010ef5bade24

commit 3cd9c072cec9cef3357ac2d7cf95010ef5bade24
Author: Marijn Kruisselbrink <mek@chromium.org>
Date: Sat Jan 12 01:24:26 2019

[AppCache] ReportBadMessage rather than DCHECK for first_party_url_ check.

If first_party_url_ hasn't been initialized when SelectCache is called it means the renderer is somehow trying to select a Cache for a main resource that was never actually fetched. That is only possible if the renderer is misbehaving, so return false to trigger a mojo::ReportBadMessage.

Bug: 917827
Change-Id: I9c02a6ea4ea328c736f24cf2b2666363192de03f
Reviewed-on: https://chromium-review.googlesource.com/c/1407910
Commit-Queue: Marijn Kruisselbrink <mek@chromium.org>
Commit-Queue: Victor Costan <pwnall@chromium.org>
Reviewed-by: Victor Costan <pwnall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#622250}

[modify] https://crrev.com/3cd9c072cec9cef3357ac2d7cf95010ef5bade24/content/browser/appcache/appcache_host.cc
[modify] https://crrev.com/3cd9c072cec9cef3357ac2d7cf95010ef5bade24/content/browser/appcache/appcache_host.h
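The pattern the commit message describes, as an added example that is not Chromium's code: a hypothetical HostModel/BackendModel pair in which SelectCache treats an uninitialized first-party URL as renderer-controlled input and returns false so a stand-in BadMessageSink (used here in place of mojo::ReportBadMessage) records the bad message instead of a DCHECK aborting the browser process. Rejecting an unknown host id the same way is an assumed extension of the pattern, not something the commit states.

```cpp
#include <map>
#include <string>
#include <vector>
// Stand-in for mojo::ReportBadMessage: records reasons instead of terminating the renderer.
struct BadMessageSink {
  std::vector<std::string> reports;
  void Report(const std::string& reason) { reports.push_back(reason); }
};
// Hypothetical host modelled on the fixed AppCacheHost::SelectCache.
class HostModel {
 public:
  // Set when the main resource request goes out; SelectCache is only valid afterwards.
  void SetFirstPartyUrl(const std::string& url) {
    first_party_url_ = url;
    first_party_url_initialized_ = true;
  }
  // Before the fix this precondition was a DCHECK, which is what the fuzzer tripped. After the
  // fix it is validated input: return false so the caller reports a bad message instead.
  bool SelectCache(const std::string& document_url) {
    if (!first_party_url_initialized_) return false;
    selected_document_ = document_url;
    return true;
  }
  const std::string& selected_document() const { return selected_document_; }
 private:
  std::string first_party_url_;
  bool first_party_url_initialized_ = false;
  std::string selected_document_;
};
// Hypothetical backend in the style of AppCacheBackendImpl::SelectCache: routes a renderer
// message to the host it names and turns a false return into a bad-message report.
class BackendModel {
 public:
  explicit BackendModel(BadMessageSink* sink) : sink_(sink) {}
  HostModel& RegisterHost(int host_id) { return hosts_[host_id]; }
  bool SelectCache(int host_id, const std::string& document_url) {
    auto it = hosts_.find(host_id);
    if (it == hosts_.end()) {  // host id is renderer-controlled too, so reject unknown ids
      sink_->Report("unknown host " + std::to_string(host_id));
      return false;
    }
    if (it->second.SelectCache(document_url)) return true;
    sink_->Report("SelectCache before first-party URL set on host " + std::to_string(host_id));
    return false;
  }
 private:
  BadMessageSink* sink_;
  std::map<int, HostModel> hosts_;
};
```

Only the message is rejected and logged; the host keeps serving once the main resource request has set the first-party URL.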
Jan 12
ClusterFuzz has detected this issue as fixed in range 621021:621022.

Detailed report: https://clusterfuzz.com/testcase?key=4593609204301824

Fuzzer: libFuzzer_appcache_fuzzer
Fuzz target binary: appcache_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  first_party_url_initialized_ in appcache_host.cc
  content::AppCacheHost::SelectCache
  content::AppCacheBackendImpl::SelectCache

Sanitizer: address (ASAN)

Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=621021:621022

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4593609204301824

See https://github.com/google/clusterfuzz-tools for instructions to reproduce this bug locally.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jan 12
ClusterFuzz testcase 4593609204301824 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Dec 26
Labels: Test-Predator-Auto-Components