
Issue 921385

Issue metadata

Status: Available
Owner: ----
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug


Direct-leak in Alloc

Reported by ClusterFuzz (Project Member), Jan 13

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6290615444439040

Fuzzer: svg_more_tokenfuzz
Job Type: linux_lsan_chrome_mp
Platform Id: linux

Crash Type: Direct-leak
Crash Address: 
Crash State:
  Alloc
  BufferMalloc
  AllocateTable
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_lsan_chrome_mp&range=587598:587602

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6290615444439040

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for instructions to reproduce this bug locally.

Comment 1 by ClusterFuzz (Project Member), Jan 13

Components: Blink>Internals>WTF Blink>MemoryAllocator>Partition
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Cc: kkaluri@chromium.org
Labels: M-72 Test-Predator-Wrong
Owner: palmer@chromium.org
Status: Assigned (was: Untriaged)
Predator and CL could not provide any possible suspects.

Using Code Search for the file "partition_alloc.h", we suspect the CL below might have caused this issue.

Suspect CL: https://chromium.googlesource.com/chromium/src/+/f369a29a01b3d8e8269afae32157f3e4e7ec7e3f

palmer@ -- Could you please check whether this is caused by your change? If not, please help us assign it to the right owner.

Thanks!
Owner: ----
Status: Available (was: Assigned)
I don't see anything actionable in this bug report. Running the reproducer tool gets me a very different result:

Indirect leak of 519 byte(s) in 50 object(s) allocated from:
    #0 0x563a4b149c50 in __interceptor_strdup _asan_rtl_:3
    #1 0x563a56d38853 in IA__FcValueSave ./../../third_party/fontconfig/src/src/fcpat.c:103:10
    #2 0x563a56d3b023 in FcPatternObjectAddWithBinding ./../../third_party/fontconfig/src/src/fcpat.c:711:13
    #3 0x563a56d3da96 in FcPatternAppend ./../../third_party/fontconfig/src/src/fcpat.c:1269:11
    #4 0x563a56d4efc1 in FcParsePattern ./../../third_party/fontconfig/src/src/fcxml.c:2924:11
    #5 0x563a56d4efc1 in FcEndElement ./../../third_party/fontconfig/src/src/fcxml.c:3043:0
    #6 0x563a56e43ecf in xmlParseEndTag1 ./../../third_party/libxml/src/parser.c:8637:9
    #7 0x563a56e5d12b in xmlParseTryOrFinish ./../../third_party/libxml/src/parser.c:11557:7
    #8 0x563a56e593c4 in xmlParseChunk ./../../third_party/libxml/src/parser.c:12261:13
    #9 0x563a56d4c1a7 in FcConfigParseAndLoadFromMemoryInternal ./../../third_party/fontconfig/src/src/fcxml.c:3356:6
    #10 0x563a56d4b695 in _FcConfigParse ./../../third_party/fontconfig/src/src/fcxml.c:3491:11
    #11 0x563a56d4bb06 in FcConfigParseAndLoadDir ./../../third_party/fontconfig/src/src/fcxml.c:3256:12
    #12 0x563a56d4bb06 in _FcConfigParse ./../../third_party/fontconfig/src/src/fcxml.c:3454:0
    #13 0x563a56d56b30 in FcParseInclude ./../../third_party/fontconfig/src/src/fcxml.c:2421:10
    #14 0x563a56d56b30 in FcEndElement ./../../third_party/fontconfig/src/src/fcxml.c:2971:0
    #15 0x563a56e43ecf in xmlParseEndTag1 ./../../third_party/libxml/src/parser.c:8637:9
    #16 0x563a56e5d12b in xmlParseTryOrFinish ./../../third_party/libxml/src/parser.c:11557:7
    #17 0x563a56e593c4 in xmlParseChunk ./../../third_party/libxml/src/parser.c:12261:13
    #18 0x563a56d4c1a7 in FcConfigParseAndLoadFromMemoryInternal ./../../third_party/fontconfig/src/src/fcxml.c:3356:6
    #19 0x563a56d4b695 in _FcConfigParse ./../../third_party/fontconfig/src/src/fcxml.c:3491:11
    #20 0x563a56d26940 in FcInitLoadOwnConfig ./../../third_party/fontconfig/src/src/fcinit.c:88:10
    #21 0x563a56d26e98 in FcInitLoadOwnConfigAndFonts ./../../third_party/fontconfig/src/src/fcinit.c:169:14
    #22 0x563a56d26e98 in IA__FcInitLoadConfigAndFonts ./../../third_party/fontconfig/src/src/fcinit.c:183:0
    #23 0x563a56cf7f2c in FcConfigEnsure ./../../third_party/fontconfig/src/src/fccfg.c:45:11
    #24 0x563a56cf7f2c in FcConfigInit ./../../third_party/fontconfig/src/src/fccfg.c:88:0
    #25 0x563a54793209 in ChromeBrowserMainPartsLinux::ToolkitInitialized() ./../../chrome/browser/chrome_browser_main_linux.cc:50:3
    #26 0x563a4e7fc8a5 in content::BrowserMainLoop::InitializeToolkit() ./../../content/browser/browser_main_loop.cc:1529:13
    #27 0x563a4e800088 in content::BrowserMainRunnerImpl::Initialize(content::MainFunctionParams const&) ./../../content/browser/browser_main_runner_impl.cc:128:22
    #28 0x563a4e7eca89 in content::BrowserMain(content::MainFunctionParams const&) ./../../content/browser/browser_main.cc:43:32
    #29 0x563a545d3f11 in RunBrowserProcessMain ./../../content/app/content_main_runner_impl.cc:545:10
    #30 0x563a545d3f11 in content::ContentMainRunnerImpl::RunServiceManager(content::MainFunctionParams&, bool) ./../../content/app/content_main_runner_impl.cc:954:0
    #31 0x563a545d300c in content::ContentMainRunnerImpl::Run(bool) ./../../content/app/content_main_runner_impl.cc:868:12
    #32 0x563a54735027 in service_manager::Main(service_manager::MainParams const&) ./../../services/service_manager/embedder/main.cc:461:29
    #33 0x563a545cce1c in content::ContentMain(content::ContentMainParams const&) ./../../content/app/content_main.cc:19:10
    #34 0x563a4b18e93e in ChromeMain ./../../chrome/app/chrome_main.cc:102:12
    #35 0x7f99d95562b0 in __libc_start_main ??:0:0

SUMMARY: AddressSanitizer: 8918 byte(s) leaked in 133 allocation(s).

New crash type: Direct-leak
New crash state:
  FcPatternObjectInsertElt
  FcPatternObjectAddWithBinding
  FcPatternAppend

Original crash type: Direct-leak
Original crash state:
  NULL