Crash in blink::ElementStyleResources::loadPendingImages |
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6414543130984448

Fuzzer: inferno_twister
Job Type: linux_asan_chrome_chromeos
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x000000000008
Crash State:
  blink::ElementStyleResources::loadPendingImages
  blink::ElementStyleResources::loadPendingResources
  blink::StyleResolver::applyMatchedProperties

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_chromeos&range=383194:384406

Minimized Testcase (0.53 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv96mWg85KlXOyE54w_Js1oafi5smLClO71uwevPnW-34Dsp2KNtPR5DxVBNLoVn0BqNWINwGskpU874g9F7gC760qxXGH-qBa0KjEnrOTcaHCkdQrVOak5wDP5XUKb41ceFxZtNcWWNh0BsfSFRizP8PEmXZ7Q

  <style>
  .c31 { content: counter(ctr) url(chrome://favicon/) open-quote "Before " attr(class) }
  .c31 { content: counter(ctr) url(chrome://favicon/) open-quote "Before " attr(class)
  </style>
  <script>
  var docElement = document.body ? document.body : document.documentElement;
  tCF176 = document.createElementNS("http://www.w3.org/1999/xhtml", "ul");
  docElement.appendChild(tCF176);
  function editFuzz() { document.designMode = "on"; }
  setTimeout("try { editFuzz(); } catch(e) {}");
  tCF176.setAttribute("class", "c31");
  </script>

Filer: nainar

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jun 9 2016
ClusterFuzz has detected this issue as fixed in range 385386:385450.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6414543130984448

Fuzzer: inferno_twister
Job Type: linux_asan_chrome_chromeos
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x000000000008
Crash State:
  blink::ElementStyleResources::loadPendingImages
  blink::ElementStyleResources::loadPendingResources
  blink::StyleResolver::applyMatchedProperties

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_chromeos&range=383194:384406
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_chromeos&range=385386:385450

Minimized Testcase (18.06 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95RUPfMoseknFMXqdG5bMXxsBR6UbpFdiiw2ViLHrLSpi2XCPK3_OtjpObpd_f3DvtpS0OMHGFtwl8KH8s7PkGLhFmqANOkVW-JI_Leq7xKuMsZVoNv1pid8fP3AvczNrTzNe_dMGku5Vv889Y7GTqpi6AHQcq2NlS2ciahZYj8gKfUkHk

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage

- Your friendly Sheriffbot
Comment 1 by alancutter@chromium.org, Apr 6 2016

Status: Duplicate (was: Available)