Use-of-uninitialized-value in blink::LayoutBox::markForPaginationRelayoutIfNeeded
Issue description
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5725601440989184
Fuzzer: inferno_twister
Job Type: linux_msan_chrome
Platform Id: linux
Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  blink::LayoutBox::markForPaginationRelayoutIfNeeded
  blink::LayoutTableSection::layout
  blink::FrameView::performLayout
Recommended Security Severity: Medium
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_msan_chrome&range=394251:394739
Minimized Testcase (0.33 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94AG02xAcH9G2BmKQKOUZgNpcNhfkonu7fmsm1ACwqUu4AHBM1bLGXA1Vbs35kjJAF626IfXWC5UCwwGg49qJXpaIE0oNf6447zcSRm-wiwjKVQCI31D081HMtMYM-Eq1pH3PQu-s5ovH8xXlNrjbsgYfNNdA
Filer: inferno
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
May 23 2016
eae@, could you please take a look at this? It looks like it might be related to issue 402056?
May 23 2016
Do you have enough bandwidth to look into this security bug, David? See https://www.chromium.org/developers/testing/addresssanitizer for instructions for an ASan build (which is needed to reproduce it). If not, please assign back to me.
May 24 2016
May 25 2016
dgrogan@, we're doing a security fix-it this week; any chance you could look into it this week if you haven't already? Thanks!
May 25 2016
I plan to start on it this week but probably won't finish.
May 27 2016
May 28 2016
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
May 31 2016
Jun 1 2016
Jun 3 2016
ClusterFuzz has detected this issue as fixed in range 397421:397444.
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5725601440989184
Fuzzer: inferno_twister
Job Type: linux_msan_chrome
Platform Id: linux
Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  blink::LayoutBox::markForPaginationRelayoutIfNeeded
  blink::LayoutTableSection::layout
  blink::FrameView::performLayout
Recommended Security Severity: Medium
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_msan_chrome&range=394251:394739
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_msan_chrome&range=397421:397444
Minimized Testcase (0.33 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94AG02xAcH9G2BmKQKOUZgNpcNhfkonu7fmsm1ACwqUu4AHBM1bLGXA1Vbs35kjJAF626IfXWC5UCwwGg49qJXpaIE0oNf6447zcSRm-wiwjKVQCI31D081HMtMYM-Eq1pH3PQu-s5ovH8xXlNrjbsgYfNNdA
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Sep 9 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by sheriffbot@chromium.org, May 23 2016