Crash in blink::Node::layoutBox
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5205052268740608
Fuzzer: inferno_twister
Job Type: linux_asan_content_shell_drt
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x000000000010
Crash State:
  blink::Node::layoutBox
  blink::LayoutTextControl::computeLogicalHeight
  blink::LayoutBox::updateLogicalHeight
Minimized Testcase (1.05 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95ukeMHebyPmtEI5REZUsi56IrcivB0ZyjFA3lPFZQ51awQxx-PHD6GXpn3hPiSKcHkwNJRQJHY9PaY8h1K9IUQfIPvxUTlkuJOPfXM37XmOVYzOZ_89Laww7OIC7mxZbj9Pw4ryd_fmv-WbP3dVPnKC9YvLA?testcase_id=5205052268740608
Filer: mummareddy

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jun 23 2016
Jun 24 2016
Moving this nonessential bug to the next milestone. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Jun 28 2016
Jul 3 2016
This issue has been moved once and is lower than Pri-1. Removing the milestone. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Jul 25 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6270302376165376
Fuzzer: inferno_twister
Job Type: windows_syzyasan_content_shell
Platform Id: windows
Crash Type: UNKNOWN
Crash Address: 0x00000008
Crash State:
  blink::LayoutTextControl::computeLogicalHeight
  blink::LayoutBox::updateLogicalHeight
  blink::LayoutBlockFlow::layoutBlockFlow
Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_syzyasan_content_shell&range=407429:407440
Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95VgkUZBy5gLZE_WFxNinx8uYisLJOq1zjbL7sdZXCqccckEXCfmpebEIWlqC3Crl2Nc7i6RSf2MD16Rzi9l3hqrk7Zx014KsLLY1J9wpDG6nbcD5zF2XQOn3By-Kf74G1mTtJRWucvvte9BHsFluHMOm3n_Mwy5w9t8mXiUqdsxQo1V-Q?testcase_id=6270302376165376
Filer: mmohammad

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Aug 26 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6037724861825024
Fuzzer: inferno_twister
Job Type: windows_syzyasan_content_shell
Platform Id: windows
Crash Type: UNKNOWN
Crash Address: 0x00000008
Crash State:
  blink::Node::layoutBox
  blink::LayoutTextControl::computeLogicalHeight
  blink::LayoutBox::updateLogicalHeight
Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_syzyasan_content_shell&range=414382:414438
Minimized Testcase (3.22 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96mPdkefYmYG_ybQGnV7g7I7xE1pIn2WiomFY2OH-fgtPfJCYStEBKvxmDzNSrm9sSb92ifrwIh7Sjx6d5RjmPggcveN05c6B6gL9xG6oQcX4q5ucDhPEthljXBoOP97-kJ-l3K732dM6Q6HA8mLUzO6V6T8w?testcase_id=6037724861825024
Additional requirements: Requires HTTP
Issue manually filed by: durga.behera

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Mar 9 2017
ClusterFuzz has detected this issue as fixed in range 455091:455394.

Detailed report: https://clusterfuzz.com/testcase?key=5205052268740608
Fuzzer: inferno_twister
Job Type: linux_asan_content_shell_drt
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x000000000010
Crash State:
  blink::Node::layoutBox
  blink::LayoutTextControl::computeLogicalHeight
  blink::LayoutBox::updateLogicalHeight
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=363188:363337
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=455091:455394
Reproducer Testcase: https://clusterfuzz.com/download/AMIfv95ukeMHebyPmtEI5REZUsi56IrcivB0ZyjFA3lPFZQ51awQxx-PHD6GXpn3hPiSKcHkwNJRQJHY9PaY8h1K9IUQfIPvxUTlkuJOPfXM37XmOVYzOZ_89Laww7OIC7mxZbj9Pw4ryd_fmv-WbP3dVPnKC9YvLA?testcase_id=5205052268740608

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Mar 9 2017
ClusterFuzz testcase 5205052268740608 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by mummare...@chromium.org, Jun 23 2016
Owner: le...@chromium.org
Status: Assigned (was: Available)