content/browser/appcache/appcache_fuzzer.cc · f5d536ed9bffe2e06d5684dce8440ba2b5898cfa · eriksson monteiro / tangled

Fix appcache_fuzzer to register renderer process ID that it uses with CPSP. · f5d536ed

Alex Moshchuk authored Feb 03, 2020

When the fuzzer runs, it generates calls to create AppCacheHosts with
a renderer process ID of 1 (passed via a call to CreateBackend()).
After r736660, AppCacheHost's constructor creates a
ChildProcessSecurityPolicyImpl::Handle for that process ID, but the
handle ends up being invalid because there's no SecurityState
registered for that process ID in the fuzzer's environment.  That
triggers DCHECKs when the fuzzer runs because the handle isn't valid.
Fix this by registering the test process ID with
ChildProcessSecurityPolicy during fuzzer initialization.

Bug: 1047638
Change-Id: I72154b46e89ffa8fceea18757b966593a5452aaa
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2034085Reviewed-by: Marijn Kruisselbrink <mek@chromium.org>
Commit-Queue: Alex Moshchuk <alexmos@chromium.org>
Cr-Commit-Position: refs/heads/master@{#737842}

f5d536ed

appcache_fuzzer.cc 11.1 KB

Replace appcache_fuzzer.cc