Heap-use-after-free in blink::PaintLayer::removeChild
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5848340377370624
Fuzzer: marty_html_twiddler
Job Type: windows_syzyasan_chrome
Platform Id: windows
Crash Type: Heap-use-after-free READ 4
Crash Address: 0x1798d457
Crash State:
  blink::PaintLayer::removeChild
  blink::LayoutObject::removeLayers
  blink::LayoutObject::removeLayers
Recommended Security Severity: High
Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_syzyasan_chrome&range=384213:384232
Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv96GpnGEq_jLvTsB_xaOzwZ34vQ-DXYYycKYhKpboA0q3bJWm8nUBsakRaVwNfUkFHc3wst01oOSBGQc4rn4y4If_wUrPgxJCLnq2ktbANT_VffiT9NOUKkIIRRCcmio01kux6S5PbEYnwqAGzlB465CUs6GqGlT8GzxtG8yg9s2FVJEut0
Filer: mmoroz
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
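The crash state above is three frames deep: a recursive removeLayers walk over a layout subtree ends in PaintLayer::removeChild, which reads 4 bytes (one pointer on 32-bit Windows) out of freed heap. The C program below is an added illustration of that bug class. It is not Blink's code and makes no claim about the root cause of this report (the thread only says the offending CL was reverted): it models a layer whose storage is freed while its parent's sibling list still points at it, and a removal walk that then reads the freed sibling's `next` field, beside the unlink-before-free variant that avoids it. All names (`layer`, `layout_object`, `remove_layers`, `remove_child`, `scenario`) and the tree shape are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for a layer tree: intrusive singly linked sibling
 * list. On a 32-bit build every pointer field is 4 bytes, the size of the
 * read in the report. */
struct layer {
    struct layer *parent;
    struct layer *first_child;
    struct layer *next;
    int id;
};

/* Hypothetical layout object: owns at most one layer. */
struct layout_object {
    struct layer *layer;              /* NULL when the object has no layer */
    struct layout_object *first_child;
    struct layout_object *next;
    int id;
};

/* Append child to the end of parent's sibling list. */
static void add_child(struct layer *parent, struct layer *child)
{
    struct layer **link = &parent->first_child;
    while (*link)
        link = &(*link)->next;
    *link = child;
    child->next = NULL;
    child->parent = parent;
}

/* Unlink child from parent. The loop reads the `next` field of every
 * sibling ahead of child; if one of them was freed, that read is the
 * heap-use-after-free. Returns 1 if child was found, 0 otherwise. */
static int remove_child(struct layer *parent, struct layer *child)
{
    struct layer **link = &parent->first_child;
    while (*link && *link != child)
        link = &(*link)->next;
    if (!*link)
        return 0;
    *link = child->next;
    child->next = NULL;
    child->parent = NULL;
    return 1;
}

/* Recursive walk shaped like removeLayers -> removeLayers -> removeChild:
 * an object owning a layer detaches it from the enclosing layer, an object
 * without one recurses into its children. */
static void remove_layers(struct layout_object *obj, struct layer *enclosing)
{
    if (obj->layer) {
        remove_child(enclosing, obj->layer);
        return;
    }
    for (struct layout_object *c = obj->first_child; c; c = c->next)
        remove_layers(c, enclosing);
}

/* Bug pattern: release the layer while the sibling list still points at it. */
static void destroy_layer_unsafe(struct layer *l)
{
    free(l);
}

/* Fix pattern: unlink from the parent before releasing. */
static void destroy_layer(struct layer *l)
{
    if (l->parent)
        remove_child(l->parent, l);
    free(l);
}

static int count_children(const struct layer *parent)
{
    int n = 0;
    for (const struct layer *c = parent->first_child; c; c = c->next)
        n++;
    return n;
}

/* Constructed scenario: root has child layers A, B, C. The layout object
 * owning B drops its layer and destroys it with `destroyer`; later the
 * wrapper subtree is detached and its layers removed. Returns how many
 * children root has afterwards (1, only A, when nothing went wrong). */
static int scenario(void (*destroyer)(struct layer *))
{
    struct layer root = {0}, a = {0}, c = {0};
    struct layer *b = calloc(1, sizeof *b);
    if (!b)
        return -1;
    a.id = 1; b->id = 2; c.id = 3;
    add_child(&root, &a);
    add_child(&root, b);
    add_child(&root, &c);

    struct layout_object oc = { &c, NULL, NULL, 3 };
    struct layout_object ob = { b, NULL, &oc, 2 };
    struct layout_object wrapper = { NULL, &ob, NULL, 10 };

    ob.layer = NULL;      /* the object no longer has a layer ...          */
    destroyer(b);         /* ... and its storage is released               */

    remove_layers(&wrapper, &root);   /* ends in remove_child(&root, &c)   */
    return count_children(&root);
}

int main(void)
{
    printf("unlink-then-free: %d child layer(s) left under root\n",
           scenario(destroy_layer));
    puts("free-without-unlink: walking past a freed sibling "
         "(build with -fsanitize=address to see the report)");
    scenario(destroy_layer_unsafe);
    return 0;
}
```

Built with `cc -g -fsanitize=address` and run, the second scenario produces an ASan heap-use-after-free READ in `remove_child`, called from two `remove_layers` frames, the same three-frame shape as the crash state; the reported size is 8 on a 64-bit build and 4 on a 32-bit one (`-m32`, where the toolchain supports it). Without a sanitizer the freed read may silently return allocator metadata or crash on the next dereference, which is why fuzzers report this class through ASan (SyzyASan on Windows) rather than through plain crashes.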
Apr 1 2016
ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5848340377370624
Fuzzer: marty_html_twiddler
Job Type: windows_syzyasan_chrome
Platform Id: windows
Crash Type: Heap-use-after-free READ 4
Crash Address: 0x1798d457
Crash State:
  blink::PaintLayer::removeChild
  blink::LayoutObject::removeLayers
  blink::LayoutObject::removeLayers
Recommended Security Severity: High
Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_syzyasan_chrome&range=384213:384232
Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv96GpnGEq_jLvTsB_xaOzwZ34vQ-DXYYycKYhKpboA0q3bJWm8nUBsakRaVwNfUkFHc3wst01oOSBGQc4rn4y4If_wUrPgxJCLnq2ktbANT_VffiT9NOUKkIIRRCcmio01kux6S5PbEYnwqAGzlB465CUs6GqGlT8GzxtG8yg9s2FVJEut0
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Apr 1 2016
The CL which introduced this was reverted, I'll be sure to fix these cases before relanding.
Jul 9 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by mmoroz@chromium.org, Apr 1 2016
Owner: flackr@chromium.org