Suspected CLs	No CL in the regression range changes the crashed files. The result is the blame information.

Author: rniwa@webkit.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/79672f284256ae8cdade7ca7b2a87b319ff36f1b
Time: Thu Mar 29 09:48:42 2012
The CL last changed line 351 of file InlineBox.h, which is stack frame 0.

Author: rniwa@webkit.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/79672f284256ae8cdade7ca7b2a87b319ff36f1b
Time: Thu Mar 29 09:48:42 2012
The CL last changed line 129 of file InlineBox.h, which is stack frame 1.

Author: szager@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/b07d89f749873a04cde67e67efd9b4941ab66b20
Time: Sun May 31 16:33:32 2015
The CL last changed line 204 of file InlineBox.h, which is stack frame 2.

Author: szager@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/b07d89f749873a04cde67e67efd9b4941ab66b20
Time: Sun May 31 16:33:32 2015
The CL last changed line 205 of file InlineBox.h, which is stack frame 3.

Author: danakj
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/0b5c86b7b67ab235998e7dcddc00df65d833f87d
Time: Sat Feb 27 02:08:05 2016
The CL last changed line 440 of file RootInlineBox.cpp, which is stack frame 4.

Author: sl.ostapenko@samsung.com
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/fb3ec7184cc1d84f415db6c922913f26e143c385
Time: Sat Mar 01 04:07:13 2014
The CL last changed line 415 of file RootInlineBox.cpp, which is stack frame 5.

Author: danakj
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/0b5c86b7b67ab235998e7dcddc00df65d833f87d
Time: Sat Feb 27 02:08:05 2016
The CL last changed line 1329 of file VisibleUnits.cpp, which is stack frame 6.

Suspected Project: chromium
Suspected Component: Blink>Layout
--------------------------------------------------------

@danakj: Hey, would you mind checking the above issue and see if its related to your suspected change which is frame 4 ?

Feel free to route the above issue to concern dev, if that is not the case.

I really appreciate your help.

Thank you!

Hi, my CLs just rename some enums. You'll have to look deeper.

/tosses to szager?

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5078573870481408

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_lsan_chrome_mp
Platform Id: linux

Crash Type: Heap-use-after-free READ 8
Crash Address: 0x60e000028700
Crash State:
  blink::RootInlineBox::closestLeafChildForPoint
  blink::previousLinePosition
  blink::SelectionModifier::modifyMovingBackward
  
Recommended Security Severity: High

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_lsan_chrome_mp&range=325152:325175

Minimized Testcase (1.35 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96Fc7EV_kgWNq7Xiw-cIuEm6uXMptr9LknxixkRhBqMbq24Zc2g_4pUwVVXaJVDuU4CL4cMk9pDmmsbHbyL-6o9pGHqpNrJgW-jrvOuWgagteMbSEAZdA3QfE4uD8ZTzdSjqMY6XtXCq6gWrfMwrZEmooNHHw?testcase_id=5078573870481408

Filer: tanin

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5634844411559936

Fuzzer: inferno_layout_test_unmodified
Job Type: windows_asan_chrome
Platform Id: windows

Crash Type: Heap-use-after-free READ 4
Crash Address: 0x07f1a5c0
Crash State:
  blink::RootInlineBox::block
  blink::RootInlineBox::closestLeafChildForPoint
  blink::previousLinePosition
  
Recommended Security Severity: High

Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_asan_chrome&range=401554:401557

Minimized Testcase (1.38 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94pRg1M9RJUPZW692QaF8mwSmWr3DSF9e6mzM7NRz5gP9EY4Q3ILErvRU7-MV4mc9fW_wp_wMSADj5FsApm7db63Bu3cbrBZS5p7kvCgF--HQvKRVn5C_JH9VdcPNDBmGKRtJExfobg3axAlOwTbVVStDEUpA?testcase_id=5634844411559936

Filer: tanin

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

ClusterFuzz has detected this issue as fixed in range 401557:401582.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5078573870481408

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_lsan_chrome_mp
Platform Id: linux

Crash Type: Heap-use-after-free READ 8
Crash Address: 0x60e000028700
Crash State:
  blink::RootInlineBox::closestLeafChildForPoint
  blink::previousLinePosition
  blink::SelectionModifier::modifyMovingBackward
  
Recommended Security Severity: High

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_lsan_chrome_mp&range=325152:325175
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_lsan_chrome_mp&range=401557:401582

Minimized Testcase (1.35 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96Fc7EV_kgWNq7Xiw-cIuEm6uXMptr9LknxixkRhBqMbq24Zc2g_4pUwVVXaJVDuU4CL4cMk9pDmmsbHbyL-6o9pGHqpNrJgW-jrvOuWgagteMbSEAZdA3QfE4uD8ZTzdSjqMY6XtXCq6gWrfMwrZEmooNHHw?testcase_id=5078573870481408

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Marking as fixed as per clusterfuzz.

ClusterFuzz has detected this issue as fixed in range 416842:416885.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5917336280498176

Fuzzer: bj_broddelwerk
Job Type: linux_asan_chrome_v8_arm
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x00000021
Crash State:
  blink::RootInlineBox::closestLeafChildForLogicalLeftPosition
  blink::RootInlineBox::closestLeafChildForPoint
  blink::previousLinePosition
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_v8_arm&range=387407:387538
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_v8_arm&range=416842:416885

Minimized Testcase (2.72 Kb): https://cluster-fuzz.appspot.com/download/AMIfv950fBuL2xZMIy2EsFPDf5TzHpilRbOntwrnGb5dfx3o3nf_P2xa7znmxd3SjLzPf4BWBczrPyTmbZf0JRFIsVJmcJhrNbw--jW0OBNyxdKukAoz2DI3mxaPfqEY59KBH60FywfVP9o8-0RfxdNsHZhh8ZDOoQ?testcase_id=5917336280498176

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4540267824939008

Fuzzer: bj_broddelwerk
Job Type: linux_asan_content_shell_drt
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x00000000000d
Crash State:
  blink::RootInlineBox::closestLeafChildForLogicalLeftPosition
  blink::RootInlineBox::closestLeafChildForPoint
  blink::nextLinePosition
  

Minimized Testcase (11.37 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95q6ZOw1AalnYGx-NIkDjMCk3S6RJXpKuBZsWfRGrVJj-PRKQegJUuZuFzhAaeLHIF9-gyNrIqwhMRVbc2OZHnCamEor6OIr-tzMyyHa1Ff8V5Iyv-xQYxxLDKlfVI_cZLIua0ZYs6YqRDweG0EaMLQJe9sJQ?testcase_id=4540267824939008

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

ClusterFuzz has detected this issue as fixed in range 451236:451282.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4540267824939008

Fuzzer: bj_broddelwerk
Job Type: linux_asan_content_shell_drt
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x00000000000d
Crash State:
  blink::RootInlineBox::closestLeafChildForLogicalLeftPosition
  blink::RootInlineBox::closestLeafChildForPoint
  blink::nextLinePosition
  
Sanitizer: address (ASAN)

Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_content_shell_drt&range=451236:451282

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95q6ZOw1AalnYGx-NIkDjMCk3S6RJXpKuBZsWfRGrVJj-PRKQegJUuZuFzhAaeLHIF9-gyNrIqwhMRVbc2OZHnCamEor6OIr-tzMyyHa1Ff8V5Iyv-xQYxxLDKlfVI_cZLIua0ZYs6YqRDweG0EaMLQJe9sJQ?testcase_id=4540267824939008


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz has detected this issue as fixed in range 451236:451282.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4540267824939008

Fuzzer: bj_broddelwerk
Job Type: linux_asan_content_shell_drt
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x00000000000d
Crash State:
  blink::RootInlineBox::closestLeafChildForLogicalLeftPosition
  blink::RootInlineBox::closestLeafChildForPoint
  blink::nextLinePosition
  
Sanitizer: address (ASAN)

Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_content_shell_drt&range=451236:451282

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95q6ZOw1AalnYGx-NIkDjMCk3S6RJXpKuBZsWfRGrVJj-PRKQegJUuZuFzhAaeLHIF9-gyNrIqwhMRVbc2OZHnCamEor6OIr-tzMyyHa1Ff8V5Iyv-xQYxxLDKlfVI_cZLIua0ZYs6YqRDweG0EaMLQJe9sJQ?testcase_id=4540267824939008


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz has detected this issue as fixed in range 451236:451282.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4540267824939008

Fuzzer: bj_broddelwerk
Job Type: linux_asan_content_shell_drt
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x00000000000d
Crash State:
  blink::RootInlineBox::closestLeafChildForLogicalLeftPosition
  blink::RootInlineBox::closestLeafChildForPoint
  blink::nextLinePosition
  
Sanitizer: address (ASAN)

Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_content_shell_drt&range=451236:451282

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95q6ZOw1AalnYGx-NIkDjMCk3S6RJXpKuBZsWfRGrVJj-PRKQegJUuZuFzhAaeLHIF9-gyNrIqwhMRVbc2OZHnCamEor6OIr-tzMyyHa1Ff8V5Iyv-xQYxxLDKlfVI_cZLIua0ZYs6YqRDweG0EaMLQJe9sJQ?testcase_id=4540267824939008


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.