Chromium Code Reviews

Unified Diff: ui/accessibility/ax_tree_unittest.cc

Issue 2377443002: Fix another bug in AXTree caught by libfuzzer (Closed)
Patch Set: Address feedback Created 4 years, 3 months ago
Index: ui/accessibility/ax_tree_unittest.cc
diff --git a/ui/accessibility/ax_tree_unittest.cc b/ui/accessibility/ax_tree_unittest.cc
index 5e8bdcd232106edf5ded355f162dfcda744848ba..dda88e63497e5207d3c2efd5ae4852cc8e4db146 100644
--- a/ui/accessibility/ax_tree_unittest.cc
+++ b/ui/accessibility/ax_tree_unittest.cc
@@ -508,4 +508,24 @@ TEST(AXTreeTest, BogusAXTree2) {
tree.Unserialize(initial_state);
}
+// UAF caught by ax_tree_fuzzer
+TEST(AXTreeTest, BogusAXTree3) {
+ AXTreeUpdate initial_state;
+ AXNodeData node;
+ node.id = 0;
+ node.state = 0;
+ node.child_ids.push_back(1);
+ initial_state.nodes.push_back(node);
+
+ AXNodeData node2;
+ node2.id = 1;
+ node2.state = 0;
+ node2.child_ids.push_back(1);
+ node2.child_ids.push_back(1);
+ initial_state.nodes.push_back(node2);
+
+ ui::AXTree tree;
+ tree.Unserialize(initial_state);
+}
+
} // namespace ui
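Review bot: In BogusAXTree3 the result of the final `tree.Unserialize(initial_state);` is discarded, so the test passes on anything short of a crash, and a use-after-free may not crash at all outside a sanitizer build. If this update is expected to be rejected, assert it with `EXPECT_FALSE(tree.Unserialize(initial_state));` so the regression is caught in every configuration. The comment `// UAF caught by ax_tree_fuzzer` would also help future readers more if it named the malformed input: node 1 lists itself as its own child, twice.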