Crash in blink::findSnapContainer

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5001552607838208

Fuzzer: inferno_twister
Job Type: windows_syzyasan_content_shell
Platform Id: windows

Crash Type: UNKNOWN
Crash Address: 0x00000013
Crash State:
  blink::findSnapContainer
  blink::SnapCoordinator::snapAreaDidChange
  blink::LayoutBox::updateScrollSnapMappingAfterStyleChange

Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_syzyasan_content_shell&range=398867:398897

Minimized Testcase (0.29 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv94vZtwUvibJHhzlG5TV2fiMrszBLfMitMQ6bQN2LRGuFe7NYkZWYuZLCKqBQFPWAcLuCDo3yRvM94V-JQwoaHCM7XW1CHwlsXvWEe8L15zs5fH4FDPlsQS8ucvePjxl6XIyO3o_Rib0si_T4OMvuGQFyb9K1A

Mixed prefixed and unprefixed requests<script src=full-screen-test.js></script>
<script>
var div = document.querySelector("div");
runWithKeyDown(function() { div.webkitRequestFullscreen(); });
</script>
<style>
* { text-emphasis-position: above left; scroll-snap-coordinate: left 68px top 54px;

Filer: ashejole

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jun 10 2016
Jun 17 2016
snap-scroll issue, over to scrolling team for triage.
Jun 17 2016
majidvp@ I think this is your code...
Jul 7 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6494756033265664

Fuzzer: ochang_domfuzzer
Job Type: linux_asan_content_shell_drt
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000038
Crash State:
  blink::SnapCoordinator::snapAreaDidChange
  blink::LayoutBox::updateScrollSnapMappingAfterStyleChange
  blink::LayoutBox::insertedIntoTree

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_content_shell_drt&range=392988:393062

Minimized Testcase (1.56 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97v6FGaqPvZhelXC1yInc5tH1IuFzDTKf5917OQu1-XHyRFQxWrkWLm1SVZc7_LJDqUYu1z9pAmmNbgndELzd-_wRCDGUtgYj976h2UOfZ3TxWKTNTAHWfmOqyDg3w9fXG3MMtuFD5fIn2PptPp9sen5ufTJA?testcase_id=6494756033265664

Filer: mummareddy

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jul 15 2016

ClusterFuzz has detected this issue as fixed in range 405467:405500.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6494756033265664

Fuzzer: ochang_domfuzzer
Job Type: linux_asan_content_shell_drt
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000038
Crash State:
  blink::SnapCoordinator::snapAreaDidChange
  blink::LayoutBox::updateScrollSnapMappingAfterStyleChange
  blink::LayoutBox::insertedIntoTree

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_content_shell_drt&range=392988:393062
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_content_shell_drt&range=405467:405500

Minimized Testcase (1.56 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97v6FGaqPvZhelXC1yInc5tH1IuFzDTKf5917OQu1-XHyRFQxWrkWLm1SVZc7_LJDqUYu1z9pAmmNbgndELzd-_wRCDGUtgYj976h2UOfZ3TxWKTNTAHWfmOqyDg3w9fXG3MMtuFD5fIn2PptPp9sen5ufTJA?testcase_id=6494756033265664

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jul 16 2016
Jul 26 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5197101114064896

Fuzzer: inferno_layout_test_unmodified
Job Type: windows_syzyasan_content_shell
Platform Id: windows

Crash Type: UNKNOWN
Crash Address: 0x00000013
Crash State:
  blink::findSnapContainer
  blink::SnapCoordinator::snapAreaDidChange
  blink::LayoutBox::updateScrollSnapMappingAfterStyleChange

Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_syzyasan_content_shell&range=407355:407359

Minimized Testcase (0.24 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv97yRbjFYKUFTbvIGaeVGs-vGd-phdGrMTKy1DlQvOUZz9TAWzynnt53Ougu_1kJvh2li0L-BemBWzrc2hVTMRHcBTlW9j05Rniw8-4QsmgiQnGZBQ9XkRdf3aYMiukFg_ekDb5h3UNUIBSSKibFyGflIkYW7g?testcase_id=5197101114064896

<style>html { } #video { scroll-snap-coordinate: 10px 10px; </style><video id="video"><script src="full-screen-test.js"</script> </script>
<script>
runWithKeyDown(function(){video.webkitRequestFullScreen()});
</script>

Filer: rnimmagadda

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jul 27 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6369223727382528

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_asan_content_shell_drt
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000058
Crash State:
  blink::SnapCoordinator::snapAreaDidChange
  blink::LayoutBox::updateScrollSnapMappingAfterStyleChange
  blink::LayoutBox::insertedIntoTree

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_content_shell_drt&range=392988:393062

Minimized Testcase (0.22 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv94GoS8-4L5tmNl4p3Zu3KPFlSrfwagXZHriLDCsNZzHQXIwxisY8-xEMMsAGL4HToCB3cT2jkxmeLijZ53FepDLUec936MrY6ogo0ah2tWyMCAsHHflNjQ88YjZvKG4ecJoOYFIbF6AjxO_HDcfml5jPzIoBA?testcase_id=6369223727382528

<style>#video { scroll-snap-coordinate: 10px 10px; </style><video id="video"><script src="full-screen-test.js"</script> </script>
<script>
runWithKeyDown(function(){video.webkitRequestFullScreen()});
</script>

Filer: rnimmagadda

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Sep 13 2016
Nov 15 2016

ClusterFuzz has detected this issue as fixed in range 431875:431896.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6369223727382528

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_asan_content_shell_drt
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000058
Crash State:
  blink::SnapCoordinator::snapAreaDidChange
  blink::LayoutBox::updateScrollSnapMappingAfterStyleChange
  blink::LayoutBox::insertedIntoTree

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_content_shell_drt&range=392988:393062
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_content_shell_drt&range=431875:431896

Minimized Testcase (0.22 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv94GoS8-4L5tmNl4p3Zu3KPFlSrfwagXZHriLDCsNZzHQXIwxisY8-xEMMsAGL4HToCB3cT2jkxmeLijZ53FepDLUec936MrY6ogo0ah2tWyMCAsHHflNjQ88YjZvKG4ecJoOYFIbF6AjxO_HDcfml5jPzIoBA?testcase_id=6369223727382528

<style>#video { scroll-snap-coordinate: 10px 10px; </style><video id="video"><script src="full-screen-test.js"</script> </script>
<script>
runWithKeyDown(function(){video.webkitRequestFullScreen()});
</script>

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Nov 22 2016

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by ashej...@chromium.org, Jun 10 2016
Labels: Te-Logged