
Issue 614543 link


Issue metadata

Status: WontFix
Owner: ----
Closed: Apr 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug




Stack-overflow in blink::BlockPainter::paintContents

Project Member Reported by ClusterFuzz, May 24 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6559490313027584

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_asan_chrome_mp
Platform Id: linux

Crash Type: Stack-overflow
Crash Address: 0x7fffcbb3fa68
Crash State:
  blink::BlockPainter::paintContents
  blink::BlockFlowPainter::paintContents
  blink::BlockPainter::paintObject
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=395131:395342

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94C9mVnh7b2njFncNPXgNRNl8BFlHObLf5E384xxWRXys6SPiKrrXhGmVsScXV3OaL9Nk0HzZIdUEH7_pgZKZ5PZfwYZE4KL69HobyNeSVKJjpi9S_DIa9NqB1PWo87OHyDwJA2o84_LjSptJ28wX9VzhvVxQ


Filer: ligimole

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Project Member

Comment 1 by ClusterFuzz, May 26 2016

ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Components: Blink>Paint
Status: Untriaged (was: Available)
Labels: -Pri-1 Pri-2
Status: Available (was: Untriaged)
We generally don't prioritize stack overflow bugs.
Project Member

Comment 5 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Status: WontFix (was: Available)
c#1 notes it's flaky and potentially fixed. Can't repro with minimized test case at ToT. There are two not helpful console messages, pasting below. Perhaps there was an overflow bug since fixed. Closing for now, reopen if we are able to repro.

[22696:22696:0424/172850.643015:613756294062:INFO:CONSOLE(53)] "Uncaught TypeError: (intermediate value) is not a function", source: file:///usr/local/google/home/wkorman/Desktop/fuzz-lyt-broddelwerk-652-1443268008bKFUHX1464056069.79.html (53)
[22696:22696:0424/172850.643788:613756294827:INFO:CONSOLE(105)] "Uncaught NotFoundError: Failed to execute 'removeChild' on 'Node': The node to be removed is no longer a child of this node. Perhaps it was moved in response to a mutation?", source: file:///usr/local/google/home/wkorman/Desktop/fuzz-lyt-broddelwerk-652-1443268008bKFUHX1464056069.79.html (105)
