Issue 610640 link

Starred by 0 users

Issue metadata

Status:	WontFix
Owner:	wangxianzhu@chromium.org
Closed:	May 2016
Cc:	vmp...@chromium.org
Components:	Blink>Paint
EstimatedDays:	----
NextAction:	----
OS:	Linux
Pri:	2
Type:	Bug
Te-Logged Stability-Crash Reproducible Stability-Memory-AddressSanitizer Stability-Memory-LeakSanitizer findit-wrong Clusterfuzz M-51

Stack-overflow in blink::BlockPainter::paintContents

Project Member Reported by ClusterFuzz, May 10 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6261726776918016

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_lsan_chrome_mp
Platform Id: linux

Crash Type: Stack-overflow
Crash Address: 0x7ffe40639e68
Crash State:
  blink::BlockPainter::paintContents
  blink::BlockPainter::paintObject
  blink::LayoutBlock::paintObject
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_lsan_chrome_mp&range=259056:259494

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94GoS1zp74dBSPvIRXyfXZMHRlHv1A_G5Kc_kBvCLgr12O_GvTX_AjLQU5Ca_Gu-yDGD5_HCRSzF3H0_f0hNThx_ebNbX75NEL9yenklRRyUiOfjvWmdwvrNiMHSp0LIFqdDSkaq6-WRffF6dcWVsYJQ_kbaQ


Filer: rnimmagadda

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by rnimmagadda@chromium.org, May 10 2016

Components: Blink>Paint
Labels: -Pri-1 findit-wrong Te-Logged M-51 Pri-2
Owner: wangxianzhu@chromium.org
Status: Assigned (was: Available)

Found the culprit using the Code Search for the file - BlockPainter.cpp

Suspecting Commit - 3d52bb54aaa5d39147adf27e02fa04d0abd2fbf7

Review URL: https://codereview.chromium.org/1562183002

@wangxianzhu: Could you please look into the issue, and if it has nothing to do with your changes and if possible please do assign it to the concerned owner.

Thank you.

Comment 2 by wangxianzhu@chromium.org, May 10 2016

Status: WontFix (was: Assigned)

The stack overflow is intended by the test.

Project Member

Comment 3 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

►

Issue 610640 link

Issue metadata

Stack-overflow in blink::BlockPainter::paintContents

Issue description

Comment 1 by rnimmagadda@chromium.org, May 10 2016

Comment 1 Deleted

Comment 2 by wangxianzhu@chromium.org, May 10 2016

Comment 2 Deleted

Comment 3 by sheriffbot@chromium.org, Nov 22 2016

Comment 3 Deleted

Sign in to add a comment