### Task
| **Item** | **Description** |
| :------------ | :---------- |
Crash Type | Null-dereference READ
Sanitizer | address (ASAN)
Platform | linux
Job Type | libfuzzer_asan_firefox
Fuzz Target | ContentParentIPC
Reliably Reproduces | YES
### Callstack
```c
==1==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f38aab693a0 bp 0x7ffeb78b2710 sp 0x7ffeb78b2600 T0)
==1==The signal is caused by a READ memory access.
==1==Hint: address points to the zero page.
SCARINESS: 10 (null-deref)
#0 0x7f38aab6939f in mozilla::AntiTrackingCommon::CreateStoragePermissionKey(nsIPrincipal*, nsTSubstring<char>&) mozilla-central/toolkit/components/antitracking/AntiTrackingCommon.cpp:0:29
#1 0x7f38a4ce89ce in mozilla::dom::Document::AutomaticStorageAccessCanBeGranted(nsIPrincipal*) mozilla-central/dom/base/Document.cpp:15625:3
#2 0x7f38a7da59b3 in mozilla::dom::ContentParent::RecvAutomaticStorageAccessCanBeGranted(IPC::Principal const&, std::function<void (bool const&)>&&) mozilla-central/dom/ipc/ContentParent.cpp:5750:13
#3 0x7f38a2faac73 in mozilla::dom::PContentParent::OnMessageReceived(IPC::Message const&) /work/obj-fuzz/ipc/ipdl/PContentParent.cpp:10461:57
#4 0x7f38a17d6ed2 in void mozilla::ipc::FuzzProtocol<mozilla::dom::ContentParent>(mozilla::dom::ContentParent*, unsigned char const*, unsigned long, nsTArray<nsTString<char> > const&) /work/obj-fuzz/dist/include/ProtocolFuzzer.h:96:18
#5 0x7f38a17d67e8 in RunContentParentIPCFuzzing(unsigned char const*, unsigned long) mozilla-central/dom/ipc/fuzztest/content_parent_ipc_libfuzz.cpp:27:3
#6 0x5618f06cc29f in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long)
#7 0x5618f06b89de in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long)
#8 0x5618f06bac99 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long))
#9 0x7f38ab01b791 in mozilla::FuzzerRunner::Run(int*, char***) mozilla-central/tools/fuzzing/interface/harness/FuzzerRunner.cpp:61:10
#10 0x7f38aaf6c6ae in XREMain::XRE_mainStartup(bool*) mozilla-central/toolkit/xre/nsAppRunner.cpp:3758:35
#11 0x7f38aaf74e15 in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) mozilla-central/toolkit/xre/nsAppRunner.cpp:4698:12
#12 0x7f38aaf757c1 in XRE_main(int, char**, mozilla::BootstrapConfig const&) mozilla-central/toolkit/xre/nsAppRunner.cpp:4792:21
#13 0x5618f05d0b4a in do_main(int, char**, char**)
#14 0x5618f05d0332 in main
#15 0x7f38bcc8e82f in __libc_start_main
#16 0x5618f04f2028 in _start
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_firefox_6180546f5e5f1d75138bf6cea3784693af7a2aa9/revisions/firefox/libxul.so+0x142fd39f)
==1==ABORTING
```
### Notes
> This bug is subject to a 90 day disclosure deadline. If 90 days elapse without an upstream patch, then the bug report will automatically become visible to the public.
Bug 1577563 Comment 0 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
### Task
| **Item** | **Description** |
| :------------ | :---------- |
Crash Type | Null-dereference READ
Sanitizer | address (ASAN)
Platform | linux
Job Type | libfuzzer_asan_firefox
Fuzz Target | ContentParentIPC
Reliably Reproduces | YES
### Callstack
```c
==1==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f38aab693a0 bp 0x7ffeb78b2710 sp 0x7ffeb78b2600 T0)
==1==The signal is caused by a READ memory access.
==1==Hint: address points to the zero page.
SCARINESS: 10 (null-deref)
#0 0x7f38aab6939f in mozilla::AntiTrackingCommon::CreateStoragePermissionKey(nsIPrincipal*, nsTSubstring<char>&) mozilla-central/toolkit/components/antitracking/AntiTrackingCommon.cpp:0:29
#1 0x7f38a4ce89ce in mozilla::dom::Document::AutomaticStorageAccessCanBeGranted(nsIPrincipal*) mozilla-central/dom/base/Document.cpp:15625:3
#2 0x7f38a7da59b3 in mozilla::dom::ContentParent::RecvAutomaticStorageAccessCanBeGranted(IPC::Principal const&, std::function<void (bool const&)>&&) mozilla-central/dom/ipc/ContentParent.cpp:5750:13
#3 0x7f38a2faac73 in mozilla::dom::PContentParent::OnMessageReceived(IPC::Message const&) /work/obj-fuzz/ipc/ipdl/PContentParent.cpp:10461:57
#4 0x7f38a17d6ed2 in void mozilla::ipc::FuzzProtocol<mozilla::dom::ContentParent>(mozilla::dom::ContentParent*, unsigned char const*, unsigned long, nsTArray<nsTString<char> > const&) /work/obj-fuzz/dist/include/ProtocolFuzzer.h:96:18
#5 0x7f38a17d67e8 in RunContentParentIPCFuzzing(unsigned char const*, unsigned long) mozilla-central/dom/ipc/fuzztest/content_parent_ipc_libfuzz.cpp:27:3
#6 0x5618f06cc29f in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long)
#7 0x5618f06b89de in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long)
#8 0x5618f06bac99 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long))
#9 0x7f38ab01b791 in mozilla::FuzzerRunner::Run(int*, char***) mozilla-central/tools/fuzzing/interface/harness/FuzzerRunner.cpp:61:10
#10 0x7f38aaf6c6ae in XREMain::XRE_mainStartup(bool*) mozilla-central/toolkit/xre/nsAppRunner.cpp:3758:35
#11 0x7f38aaf74e15 in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) mozilla-central/toolkit/xre/nsAppRunner.cpp:4698:12
#12 0x7f38aaf757c1 in XRE_main(int, char**, mozilla::BootstrapConfig const&) mozilla-central/toolkit/xre/nsAppRunner.cpp:4792:21
#13 0x5618f05d0b4a in do_main(int, char**, char**)
#14 0x5618f05d0332 in main
#15 0x7f38bcc8e82f in __libc_start_main
#16 0x5618f04f2028 in _start
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_firefox_6180546f5e5f1d75138bf6cea3784693af7a2aa9/revisions/firefox/libxul.so+0x142fd39f)
==1==ABORTING
```