Issue metadata
Sign in to add a comment
|
Heap-use-after-free in blink::LayoutTableSection::computeOverflowFromCells |
||||||||||||||||||||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=4832986549190656 Fuzzer: attekett_dom_fuzzer Job Type: linux_asan_chrome_media Platform Id: linux Crash Type: Heap-use-after-free READ 4 Crash Address: 0x6110000295e8 Crash State: blink::LayoutTableSection::computeOverflowFromCells blink::LayoutTableSection::recalcChildOverflowAfterStyleChange blink::LayoutTable::recalcChildOverflowAfterStyleChange Recommended Security Severity: High Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_media&range=387601:387928 Minimized Testcase (1.38 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95NvUOyhHjRjfCNDsvyVfehabK_690gTYQJHPhQjRctoEraV4q_Js7bD0FvsvySPv4Po_FT1LiXg808wW7CsIaQF8yPXVBcORHiNzjY4LxzK5vZeBNsMHBp5g_Flefa1_nstM2jXkpOxhT-LAL6kY7jXAuffA Filer: mmoroz See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Apr 19 2016
,
Apr 19 2016
,
Apr 19 2016
,
Apr 19 2016
,
Apr 19 2016
This looks like a regression from r387862 I'm afraid robhogan. https://codereview.chromium.org/1809643008 Would you mind taking a look?
,
Apr 19 2016
,
Apr 20 2016
,
Jul 28 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 1 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 2 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 2 2016
|
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by mmoroz@chromium.org
, Apr 19 2016