| Index: ui/accessibility/ax_tree_unittest.cc
|
| diff --git a/ui/accessibility/ax_tree_unittest.cc b/ui/accessibility/ax_tree_unittest.cc
|
| index 083891ccc3f5222fae04fd541e99e7f277d0bf5d..5e7326e084c5a581b38324fefde5f8afc94215ff 100644
|
| --- a/ui/accessibility/ax_tree_unittest.cc
|
| +++ b/ui/accessibility/ax_tree_unittest.cc
|
| @@ -432,4 +432,33 @@ TEST(AXTreeTest, ReparentingDoesNotTriggerNodeCreated) {
|
| node_reparented.end());
|
| }
|
|
|
| +// UAF caught by ax_tree_fuzzer
|
| +TEST(AXTreeTest, BogusAXTree) {
|
| + AXTreeUpdate initial_state;
|
| + AXNodeData node;
|
| + node.id = 0;
|
| + node.state = 0;
|
| + initial_state.nodes.push_back(node);
|
| + initial_state.nodes.push_back(node);
|
| + ui::AXTree tree;
|
| + tree.Unserialize(initial_state);
|
| +}
|
| +
|
| +// UAF caught by ax_tree_fuzzer
|
| +TEST(AXTreeTest, BogusAXTree2) {
|
| + AXTreeUpdate initial_state;
|
| + AXNodeData node;
|
| + node.id = 0;
|
| + node.state = 0;
|
| + initial_state.nodes.push_back(node);
|
| + AXNodeData node2;
|
| + node2.id = 0;
|
| + node2.state = 0;
|
| + node2.child_ids.push_back(0);
|
| + node2.child_ids.push_back(0);
|
| + initial_state.nodes.push_back(node2);
|
| + ui::AXTree tree;
|
| + tree.Unserialize(initial_state);
|
| +}
|
| +
|
| } // namespace ui
|
|
|
Chromium Code Reviews
Issue 2323103002:
Add fuzzer for AXTree and fix a couple of bugs it found. (Closed)
