Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=2510289
Fuzzer: Marty_html_twiddler
Crash Type: Heap-use-after-free READ 8
Crash Address: 0x7f2b57bd6cb8
Crash State:
- crash stack -
WebCore::RenderBoxModelObject::hasSelfPaintingLayer
WebCore::RenderBlock::addOverhangingFloats
- free stack -
WebCore::Node::detach
WebCore::Element::detach
Regressed: https://cluster-fuzz.appspot.com/revisions?range=110350:110431
Minimized Testcase (2.76 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97EGS1qsk2arR4HCJq3rYzOvR4BvBxqLvou8CyXyfrokA1DmTS-ccJZu38OYv-AgdYRfs3kIhxI-yUw6F6DqhmPrujnq48Z45tRgOpkRsNJ_FPlAoGf-1Yzh8iYIlL2QScPh4Enfgbi514yv_XbjblxAXIOLw

Dec 13 2011,
Bulk edit for pending m17 beta release.

Dec 16 2011,
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4741649
Uploader: inferno@chromium.org
Crash Type: Heap-use-after-free READ 8
Crash Address: 0x7f4b0dffe0b8
Crash State:
- crash stack -
WebCore::RenderBoxModelObject::hasSelfPaintingLayer
WebCore::RenderBlock::addOverhangingFloats
- free stack -
WebCore::Node::detach
WebCore::Element::detach
Minimized Testcase (2.23 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96AYa0983Om-v8B_IE1MR0Blkv1iLXyZ_H4KO3d4KElNzmndpSDssQyfXbpnB8ttjpJ3lurF96nbcHJidj4rrfvqoyMfoI-9f3czf3f2yT73iWpPYBVsiWBa56Hb5gb6Cau4Rzl2rljP9rX1RFGR7FbednSiQ

Dec 26 2011,
Jan 17 2012,
This is not fixed by Robert's fix in http://trac.webkit.org/changeset/105120.

Jan 23 2012,
The last M16 patch is already gone. Mass-updating all of these to M17

Feb 1 2012,
Issue 112136 has been merged into this issue.

Feb 1 2012,
here's a link to miaubiz' test case from 112136: https://cluster-fuzz.appspot.com/testcase?key=17424502

Feb 1 2012,
Feb 4 2012,
attaching patch using my left hand, someone needs to help through review, layouttest. this fixes both mine and miaubiz testcase.

Feb 17 2012,
Feb 17 2012,
Issue 112438 has been merged into this issue.

Mar 9 2012,
Issue 117577 has been merged into this issue.

Mar 12 2012,
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=25009803
Fuzzer: Marty_html_twiddler
Crash Type: Heap-use-after-free READ 4
Crash Address: 0x7f02ca06b4b0
Crash State:
- crash stack -
WebCore::RenderBlock::checkFloatsInCleanLine
WebCore::RenderBlock::determineEndPosition
- free stack -
WebCore::Node::detach
WebCore::Element::detach
Regressed: https://cluster-fuzz.appspot.com/revisions?range=110080:110106
Minimized Testcase (6.29 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96HnvSVa_zAZymgO5gBeRwxKg4LOC37SWD4XIB6bWH7OwFrPkycrBGFuCveyqs8naYjVEJ3Vn3MvNTOQK3uHUQGfrgvhq1CLcibrVVUPgaZ8ggVqRUKO6ta6aCzUJfYdV2v78-3_XpdbsfJQVSnla9b7PQctA

Mar 29 2012,
Updating milestone. m18 is already out.

Mar 30 2012,
Mar 30 2012,
Mar 30 2012,
Reverting wrong marking of security bugs by release management.

Apr 2 2012,
Committed r112935: <http://trac.webkit.org/changeset/112935>

Apr 2 2012,
Apr 22 2012,
M18: http://trac.webkit.org/changeset/114853
M19: http://trac.webkit.org/changeset/114854

Apr 23 2012,
Remerged to M18 with MOAR COMPILE WIN
M18: http://trac.webkit.org/changeset/114940

Apr 24 2012,
May 15 2012,
Marking old security bugs Fixed.

Oct 13 2012, Project Member
This issue has been closed for some time. No one will pay attention to new comments. If you are seeing this bug or have new data, please click New Issue to start a new bug.

Mar 10 2013, Project Member
Mar 13 2013, Project Member
Mar 13 2013, Project Member
Mar 21 2013,
Mar 21 2013, Project Member
Mar 21 2013, Project Member
Mar 21 2013, Project Member
Apr 1 2013, Project Member
Apr 6 2013, Project Member
Jun 14 2016, Project Member
Oct 1 2016, Project Member
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Oct 2 2016, Project Member
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Oct 2 2016,
Apr 25 2018,
Comment 1 by infe...@chromium.org, Dec 8 2011