This check should be disabled while fuzzing: the crash below is a WRITE to the zero page inside IPDLParamTraits<WindowContext*>::Read while the parent deserializes a (fuzzed) content-process message, which looks like a deliberate null-write check firing rather than memory corruption, so the IPC fuzzer will keep reporting it as a finding. https://searchfox.org/mozilla-central/source/docshell/base/WindowContext.cpp#207 ```c ==1==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f04e9706a12 bp 0x7ffd47efe5f0 sp 0x7ffd47efe4c0 T0) ==1==The signal is caused by a WRITE memory access. ==1==Hint: address points to the zero page. #0 0x7f04e9706a11 in mozilla::ipc::IPDLParamTraits<mozilla::dom::WindowContext*>::Read(IPC::Message const*, PickleIterator*, mozilla::ipc::IProtocol*, RefPtr<mozilla::dom::WindowContext>*) mozilla-central/docshell/base/WindowContext.cpp:217:28 #1 0x7f04e1c26005 in mozilla::dom::PContentParent::OnMessageReceived(IPC::Message const&) /work/obj-fuzz/ipc/ipdl/PContentParent.cpp:12269:20 #2 0x7f04e035f8f2 in void mozilla::ipc::FuzzProtocol<mozilla::dom::ContentParent>(mozilla::dom::ContentParent*, unsigned char const*, unsigned long, nsTArray<nsTString<char> > const&) /work/obj-fuzz/dist/include/ProtocolFuzzer.h:96:18 #3 0x7f04e035f228 in RunContentParentIPCFuzzing(unsigned char const*, unsigned long) mozilla-central/dom/ipc/fuzztest/content_parent_ipc_libfuzz.cpp:27:3 #4 0x56073dda969f in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_firefox_6180546f5e5f1d75138bf6cea3784693af7a2aa9/revisions/firefox/firefox+0x30c69f) #5 0x56073dd9535e in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_firefox_6180546f5e5f1d75138bf6cea3784693af7a2aa9/revisions/firefox/firefox+0x2f835e) #6 0x56073dd976c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_firefox_6180546f5e5f1d75138bf6cea3784693af7a2aa9/revisions/firefox/firefox+0x2fa6c9) #7 0x7f04ea063873 in mozilla::FuzzerRunner::Run(int*, char***) mozilla-central/tools/fuzzing/interface/harness/FuzzerRunner.cpp:54:10 #8 0x7f04e9faa435 in 
XREMain::XRE_mainStartup(bool*) mozilla-central/toolkit/xre/nsAppRunner.cpp:3696:35 #9 0x7f04e9fb23cb in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) mozilla-central/toolkit/xre/nsAppRunner.cpp:4682:12 #10 0x7f04e9fb29c3 in XRE_main(int, char**, mozilla::BootstrapConfig const&) mozilla-central/toolkit/xre/nsAppRunner.cpp:4746:21 #11 0x56073dc69c34 in do_main(int, char**, char**) (/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_firefox_6180546f5e5f1d75138bf6cea3784693af7a2aa9/revisions/firefox/firefox+0x1ccc34) #12 0x56073dc6948b in main (/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_firefox_6180546f5e5f1d75138bf6cea3784693af7a2aa9/revisions/firefox/firefox+0x1cc48b) ```
Bug 1612568 Comment 0 Edit History
This check should be disabled while fuzzing: the crash below is a WRITE to the zero page inside IPDLParamTraits<WindowContext*>::Read while the parent deserializes a (fuzzed) content-process message, which looks like a deliberate null-write check firing rather than memory corruption, so the IPC fuzzer will keep reporting it as a finding. https://searchfox.org/mozilla-central/rev/2e355fa82aaa87e8424a9927c8136be184eeb6c7/docshell/base/WindowContext.cpp#207 ```c ==1==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f04e9706a12 bp 0x7ffd47efe5f0 sp 0x7ffd47efe4c0 T0) ==1==The signal is caused by a WRITE memory access. ==1==Hint: address points to the zero page. #0 0x7f04e9706a11 in mozilla::ipc::IPDLParamTraits<mozilla::dom::WindowContext*>::Read(IPC::Message const*, PickleIterator*, mozilla::ipc::IProtocol*, RefPtr<mozilla::dom::WindowContext>*) mozilla-central/docshell/base/WindowContext.cpp:217:28 #1 0x7f04e1c26005 in mozilla::dom::PContentParent::OnMessageReceived(IPC::Message const&) /work/obj-fuzz/ipc/ipdl/PContentParent.cpp:12269:20 #2 0x7f04e035f8f2 in void mozilla::ipc::FuzzProtocol<mozilla::dom::ContentParent>(mozilla::dom::ContentParent*, unsigned char const*, unsigned long, nsTArray<nsTString<char> > const&) /work/obj-fuzz/dist/include/ProtocolFuzzer.h:96:18 #3 0x7f04e035f228 in RunContentParentIPCFuzzing(unsigned char const*, unsigned long) mozilla-central/dom/ipc/fuzztest/content_parent_ipc_libfuzz.cpp:27:3 #4 0x56073dda969f in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_firefox_6180546f5e5f1d75138bf6cea3784693af7a2aa9/revisions/firefox/firefox+0x30c69f) #5 0x56073dd9535e in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_firefox_6180546f5e5f1d75138bf6cea3784693af7a2aa9/revisions/firefox/firefox+0x2f835e) #6 0x56073dd976c9 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_firefox_6180546f5e5f1d75138bf6cea3784693af7a2aa9/revisions/firefox/firefox+0x2fa6c9) #7 0x7f04ea063873 in mozilla::FuzzerRunner::Run(int*, char***) 
mozilla-central/tools/fuzzing/interface/harness/FuzzerRunner.cpp:54:10 #8 0x7f04e9faa435 in XREMain::XRE_mainStartup(bool*) mozilla-central/toolkit/xre/nsAppRunner.cpp:3696:35 #9 0x7f04e9fb23cb in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) mozilla-central/toolkit/xre/nsAppRunner.cpp:4682:12 #10 0x7f04e9fb29c3 in XRE_main(int, char**, mozilla::BootstrapConfig const&) mozilla-central/toolkit/xre/nsAppRunner.cpp:4746:21 #11 0x56073dc69c34 in do_main(int, char**, char**) (/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_firefox_6180546f5e5f1d75138bf6cea3784693af7a2aa9/revisions/firefox/firefox+0x1ccc34) #12 0x56073dc6948b in main (/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_firefox_6180546f5e5f1d75138bf6cea3784693af7a2aa9/revisions/firefox/firefox+0x1cc48b) ```