S Ganesh (Gerrit)

unread,

May 7, 2026, 8:36:53 PMMay 7

to Chrome Crash (Prod), Kent Tamura, Chromium LUCI CQ, Hongchan Choi, android-bu...@system.gserviceaccount.com, blink-...@chromium.org, kinuko...@chromium.org, blink-re...@chromium.org

Attention needed from Kent Tamura

New activity on the change

Open in Gerrit

Related details

Attention is currently required from:

Kent Tamura

Submit Requirements:

Code-Coverage
Code-Owners
Code-Review
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

unsatisfied_requirement

open

diffy

Kent Tamura (Gerrit)

unread,

May 7, 2026, 8:42:41 PMMay 7

to Chrome Crash (Prod), Hongchan Choi, S Ganesh, Chromium LUCI CQ, android-bu...@system.gserviceaccount.com, blink-...@chromium.org, kinuko...@chromium.org, blink-re...@chromium.org, Kent Tamura

Attention needed from Hongchan Choi

Kent Tamura added 1 comment

Patchset-level comments

File-level comment, Patchset 2 (Latest):

Kent Tamura . resolved

I don't think I'm an appropriate reviewer for this CL.
hongchan@, would you review this please?

Open in Gerrit

Related details

Attention is currently required from:

Hongchan Choi

Submit Requirements:

Code-Coverage
Code-Owners
Code-Review
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

unsatisfied_requirement

open

diffy

Hongchan Choi (Gerrit)

unread,

May 8, 2026, 12:37:35 PMMay 8

to Chrome Crash (Prod), Stephen Nusko, S Ganesh, Chromium LUCI CQ, android-bu...@system.gserviceaccount.com, blink-...@chromium.org, kinuko...@chromium.org, blink-re...@chromium.org

Attention needed from Stephen Nusko

Hongchan Choi added 1 comment

Patchset-level comments

File-level comment, Patchset 2 (Latest):

Hongchan Choi . resolved

Looks like the suggested changes is closely related to the Blink allocator.

Perhaps nuskos@ is the right expert?

Open in Gerrit

Related details

Attention is currently required from:

Stephen Nusko

Submit Requirements:

Code-Coverage
Code-Owners
Code-Review
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

unsatisfied_requirement

open

diffy

Stephen Nusko (Gerrit)

unread,

May 10, 2026, 10:28:14 PMMay 10

to Chrome Crash (Prod), Hongchan Choi, S Ganesh, Chromium LUCI CQ, android-bu...@system.gserviceaccount.com, blink-...@chromium.org, kinuko...@chromium.org, blink-re...@chromium.org

Stephen Nusko voted and added 5 comments

Votes added by Stephen Nusko

Code-Review

-1

5 comments

Patchset-level comments

File-level comment, Patchset 2 (Latest):

Stephen Nusko . resolved

I think more investigation needs to be done here.

Commit Message

Line 10, Patchset 2 (Latest):

(BRP) is enabled in the BufferPartition, it can shift the object's address
by adding metadata at the start of the memory slot, violating the alignment

Stephen Nusko . unresolved

This isn't true, metadata is at the end of the slot, it shouldn't move the address at all.

Line 15, Patchset 2 (Latest):which has BRP disabled to support strict alignment. If the ArrayBufferPartition

Stephen Nusko . unresolved

This is disabling a pretty big protection, I wouldn't like to do this.

Line 17, Patchset 2 (Latest):

BufferPartition. BufferAlignedFree is also updated to use FreeInUnknownRoot
so it can handle pointers from either partition.

Stephen Nusko . unresolved

This is a pretty big potential performance regression. You'd need to run speedometer3 and jetstream2 and ideally some sort of audio heavy benchmark if one exists?

Line 20, Patchset 2 (Latest):

**This fix was generated by the Crash Autofix pipeline for the crash http://crash/3e05f4efd8e421fc. Please see go/crash-autofix for more details.**

Stephen Nusko . unresolved

This doesn't look like a correct fix at all.

1) It made up the fact about metadata
2) It tries to fix it by disabling a pretty large UaF security protection.
3) It adds performance overhead for all users of BufferAlignedFree (although there likely aren't many).

This should likely go in the pile of bad outcomes to train the AI to improve.

Open in Gerrit

Related details

Attention set is empty

Submit Requirements:

Code-Coverage
Code-Owners

Code-Review
No-Unresolved-Comments

Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

unsatisfied_requirement

blocking_requirement

open

diffy

S Ganesh (Gerrit)

unread,

Jun 3, 2026, 9:55:53 PM (17 hours ago) Jun 3

to Chrome Crash (Prod), Stephen Nusko, Hongchan Choi, Chromium LUCI CQ, android-bu...@system.gserviceaccount.com, blink-...@chromium.org, kinuko...@chromium.org, blink-re...@chromium.org

S Ganesh abandoned this change.

View Change

Abandoned

S Ganesh abandoned this change

Related details

Attention set is empty

Submit Requirements:

Code-Coverage

Code-Review
No-Unresolved-Comments
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

blocking_requirement

unsatisfied_requirement

open

diffy

Reply all

Reply to author

Forward

Use ArrayBufferPartition for AudioArray allocations to ensure alignment. [chromium/src : main]

S Ganesh (Gerrit)

New activity on the change

Related details

Kent Tamura (Gerrit)

Kent Tamura added 1 comment

Related details

Hongchan Choi (Gerrit)

Hongchan Choi added 1 comment

Related details

Stephen Nusko (Gerrit)

Stephen Nusko voted and added 5 comments

Votes added by Stephen Nusko

5 comments

Related details

S Ganesh (Gerrit)

S Ganesh abandoned this change

Related details