Issue metadata
Crash in blink::PaintLayerScrollableArea::PaintLayerScrollableArea
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6391520078331904

Fuzzer: attekett_dom_fuzzer
Job Type: mac_asan_chrome
Platform Id: mac

Crash Type: UNKNOWN
Crash Address: 0x000000000038
Crash State:
    blink::PaintLayerScrollableArea::PaintLayerScrollableArea
    blink::PaintLayer::updateScrollableArea
    blink::LayoutBoxModelObject::createLayer

Regressed: https://cluster-fuzz.appspot.com/revisions?job=mac_asan_chrome&range=378207:378422

Minimized Testcase (0.26 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv97dDUfBhJqquQI1bMJyRT_MQ89K0LMqH4GPuZrbWPDS_62Jc5gqgx_BadhhSbghcw4Xps-nfzsoQGr15XJRQzpf5a-ys8ftpxnaOun0Hl_kr1iJ56_l0pFOGhttPXdu07vN6hu8_Bp0HqUWa2z79ddaJMQ3Bg

    <br><script>
    var test0=document.body.appendChild(document.createElement("mark"))
    setTimeout(function(){ test0.style['opacity']='0.2352309252601117'; })
    setInterval(function(){ })
    try{test0.style.setProperty('resize','horizontal','important');}catch(e){}
    </script>

Filer: ranjitkan

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Mar 2 2016
Fixed by https://chromium.googlesource.com/chromium/src.git/+/b772a3d31c12361e22a8d6950cbef821ac3dc7d5

Mar 2 2016
Issue 591288 has been merged into this issue.

Mar 3 2016
ClusterFuzz has detected this issue as fixed in range 378770:378857.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6391520078331904

Fuzzer: attekett_dom_fuzzer
Job Type: mac_asan_chrome
Platform Id: mac

Crash Type: UNKNOWN
Crash Address: 0x000000000038
Crash State:
    blink::PaintLayerScrollableArea::PaintLayerScrollableArea
    blink::PaintLayer::updateScrollableArea
    blink::LayoutBoxModelObject::createLayer

Regressed: https://cluster-fuzz.appspot.com/revisions?job=mac_asan_chrome&range=378207:378422
Fixed: https://cluster-fuzz.appspot.com/revisions?job=mac_asan_chrome&range=378770:378857

Minimized Testcase (0.26 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv97dDUfBhJqquQI1bMJyRT_MQ89K0LMqH4GPuZrbWPDS_62Jc5gqgx_BadhhSbghcw4Xps-nfzsoQGr15XJRQzpf5a-ys8ftpxnaOun0Hl_kr1iJ56_l0pFOGhttPXdu07vN6hu8_Bp0HqUWa2z79ddaJMQ3Bg

    <br><script>
    var test0=document.body.appendChild(document.createElement("mark"))
    setTimeout(function(){ test0.style['opacity']='0.2352309252601117'; })
    setInterval(function(){ })
    try{test0.style.setProperty('resize','horizontal','important');}catch(e){}
    </script>

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Mar 7 2016
Issue 591584 has been merged into this issue.

Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by ranjitkan@chromium.org, Mar 2 2016
Labels: -Pri-1 -Type-Bug findit-for-crash Te-Logged M-51 Type-Bug-Regression Pri-2
Owner: wangxianzhu@chromium.org
Status: Assigned (was: Available)