Allocate AXTreeDelegate before AXTree in ax_tree_fuzzer.

This was causing a stack-use-after-scope when fuzzing. Manually confirmed that allocating the delegate first fixes the problem on the input attached to the bug. BUG=688104 Review-Url: https://codereview.chromium.org/2715663006 Cr-Commit-Position: refs/heads/master@{#452760}
Denger-Network · Feb 24, 2017 · 1986f70 · 1986f70
1 parent dded975
commit 1986f70
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/ui/accessibility/ax_tree_fuzzer.cc b/ui/accessibility/ax_tree_fuzzer.cc
@@ -43,8 +43,8 @@ extern "C" int LLVMFuzzerTestOneInput(const unsigned char* data, size_t size) {
   // Run with --v=1 to aid in debugging a specific crash.
   VLOG(1) << "Input accessibility tree:\n" << initial_state.ToString();
 
-  ui::AXTree tree;
   EmptyAXTreeDelegate delegate;
+  ui::AXTree tree;
   tree.SetDelegate(&delegate);
   tree.Unserialize(initial_state);