Crash in blink::SimpleFontData::isTextOrientationFallbackOf
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5590973664460800
Fuzzer: ochang_domfuzzer
Job Type: linux_asan_chrome_mp
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x0000000004d0
Crash State:
  blink::SimpleFontData::isTextOrientationFallbackOf
  blink::ShapeResult::fallbackFonts
  blink::CachingWordShaper::width
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=172836:173286
Minimized Testcase (1.40 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94wKxu6GxPCzxbgtHdtzaUUiUZ2fSyZ70VcYd0D_xYWYup9asy9lkIo4Fku3jINzFnXeEDhVNhTzlc-eiI_u09zAOCnfWQjuQrAHbwmffhkYhOCs-3dEBgSPS0-L53NmipTERV1orPh_SG7T5R9pfgdLRB1iQ
Filer: ashejole

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Mar 21 2016

Mar 22 2016
Another case where primaryFont being nullptr, probably dup of issue 561873? kulshin@, if this does not look related, could you please assign back to me?
Mar 23 2016

ClusterFuzz has detected this issue as fixed in range 381899:381909.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5590973664460800
Fuzzer: ochang_domfuzzer
Job Type: linux_asan_chrome_mp
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x0000000004d0
Crash State:
  blink::SimpleFontData::isTextOrientationFallbackOf
  blink::ShapeResult::fallbackFonts
  blink::CachingWordShaper::width
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=172836:173286
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=381899:381909
Minimized Testcase (1.40 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94wKxu6GxPCzxbgtHdtzaUUiUZ2fSyZ70VcYd0D_xYWYup9asy9lkIo4Fku3jINzFnXeEDhVNhTzlc-eiI_u09zAOCnfWQjuQrAHbwmffhkYhOCs-3dEBgSPS0-L53NmipTERV1orPh_SG7T5R9pfgdLRB1iQ

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Mar 25 2016
It's hard to tell if this is related. It looks similar, but the callstack is not quite the same. If you can repro, can you check if it's failing to load all fonts, particularly the last resort fallback font, or if it's failing for some reason other than font loading? If it's failing to load the last resort font then it's almost certainly related - feel free to assign back to me in that case.
Mar 27 2016
Thanks, will do, and I noticed that this isn't Windows so more likely I was wrong. Sorry for bothering.
Mar 28 2016

Apr 7 2016
Still unable to repro.
Apr 18 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4820075139301376
Fuzzer: bj_broddelwerk
Job Type: linux_asan_chrome_mp
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x0000000004d0
Crash State:
  blink::SimpleFontData::isTextOrientationFallbackOf
  blink::ShapeResult::fallbackFonts
  blink::CachingWordShaper::width
Minimized Testcase (29.11 Kb): https://cluster-fuzz.appspot.com/download/AMIfv957PGz59BrG_pfNpbL_qFqam9DZO6t0bUhxgE7NaDMxRsuf4F2-qzmg8s-bjME7BfG2rwkPgIQHeOVpHTLwadbbQwgj2sdzwj-3nlg130ekOYDTw62s6IgvBWXDF14ZQwXKcL2gpQsdm9F0ldEPIm0BD6_syhV84meRkeQv9M_Q10d6ylI
Additional requirements: Requires Gestures
Filer: ssamanoori

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Apr 25 2016

ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4820075139301376
Fuzzer: bj_broddelwerk
Job Type: linux_asan_chrome_mp
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x0000000004d0
Crash State:
  blink::SimpleFontData::isTextOrientationFallbackOf
  blink::ShapeResult::fallbackFonts
  blink::CachingWordShaper::width
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=144946:145047
Minimized Testcase (2.60 Kb): https://cluster-fuzz.appspot.com/download/AMIfv955o7pF3sHc57iCVEAuxBW-VPJylEHKPL9MHtgpkmGUmfSmcr_9G2FsmLF6W6d6WdYNy-WgSMhO3wiqLBMvaAXoBkjumL4SsZcrhwEuimWZXycy-2wSRcZWizkTqhMRkZxv0JERVYqJZJpYr8sHsQw6k8Gn6g
Additional requirements: Requires Gestures

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jun 14 2016
ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by ashej...@chromium.org, Mar 21 2016
Labels: -Type-Bug Type-Bug-Regression
Owner: kojii@chromium.org
Status: Assigned (was: Available)