Heap-buffer-overflow in content::WriteMemory
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4679315589693440

Fuzzer: attekett_dom_fuzzer
Job Type: linux_asan_chrome_mp
Platform Id: linux

Crash Type: Heap-buffer-overflow WRITE {*}
Crash Address: 0x7f202c2c0000
Crash State:
  content::WriteMemory
  content::BlobConsolidation::VisitMemory
  content::BlobConsolidation::ReadMemory

Recommended Security Severity: High

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=383194:384397

Minimized Testcase (1.99 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96YRCbedd24JN55SViVTODVriiP8gXvHiKJQgZ2LpJZPvLC5O1eTeKh5nGZj2gtp9asaAfFCe4K8QSXWx3goO6Qpa42An9RNO04r8BeuW722zG3QEXlw4hHH7__IuQZyHPm6_xarUt6E9Nxss4WisCtt-JaoQ?testcase_id=4679315589693440

Filer: tanin

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jun 25 2016
ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Jun 25 2016
Jun 25 2016
Adding Merge-Triage label for tracking purposes. Once your fix had sufficient bake time (on canary, dev as appropriate), please nominate your fix for merge by adding the Merge-Request-XX label, where XX is the Chrome milestone. When your merge is approved by the release manager, please start merging with higher milestone label first. Make sure to re-request merge for every milestone in the label list. You can get branch information on omahaproxy.appspot.com. Your fix is very close to the branch point. After the branch happens, please make sure to check if your fix is in. - Your friendly ClusterFuzz
Jun 27 2016
Jun 27 2016
Before we approve merge to M52, could you please confirm whether this change is baked/verified in Canary and safe to merge?
Jul 8 2016
Jul 14 2016
I'm afraid to say the rewards panel declined to reward for this bug, as it had been previously fixed as part of 619217.
Jul 14 2016
Before we approve merge to M52, could you please confirm whether this change is baked/verified in Canary and safe to merge?
Jul 14 2016
awhalley@, could you PTAL and see whether we need a merge to M52 here?
Jul 14 2016
Apparently this was fixed by 619217, see https://bugs.chromium.org/p/chromium/issues/detail?id=619217#c13
Oct 1 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 2 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 2 2016
Jul 28
Comment 1 by ClusterFuzz
, Jun 25 2016