Crash in blink::DocumentMarkerController::markersInRange

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6017127517782016
Fuzzer: inferno_twister
Job Type: mac_asan_chrome
Platform Id: mac
Crash Type: UNKNOWN READ
Crash Address: 0x000000000010
Crash State:
  blink::DocumentMarkerController::markersInRange
  blink::SpellCheckRequest::create
  blink::SpellChecker::chunkAndMarkAllMisspellingsAndBadGrammar
Regressed: https://cluster-fuzz.appspot.com/revisions?job=mac_asan_chrome&range=371266:371278
Minimized Testcase (0.63 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95nDxAT2tjRTbvsP0V3G7z0eFcCSw2DsF9SZImUbENqEOwxjhi0v_yPm6XqmNqSj1nYC8xzR6B5ILdDR6YeyTtfw8aaX1h0Xv-HWGD0vppkj8XiJJ4YnL9dASBXKpmLIJwS-Kv6J8Vi7AKUMQAL7R97IGvrrg?testcase_id=6017127517782016
Filer: tkonchada

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jun 29 2016
Moving this nonessential bug to the next milestone. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Jul 1 2016
This issue is Pri-1 but has already been moved once. Lowering the priority and moving to the next milestone. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Jul 5 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5199635119603712
Fuzzer: inferno_layout_test_unmodified
Job Type: windows_syzyasan_chrome
Platform Id: windows
Crash Type: UNKNOWN
Crash Address: 0x0000000b
Crash State:
  blink::DocumentMarkerController::markersInRange
  blink::SpellCheckRequest::create
  blink::SpellChecker::chunkAndMarkAllMisspellingsAndBadGrammar
Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_syzyasan_chrome&range=403457:403667
Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv944W8rvEt6k15E5QJcPLGFruwG4IH8Pp269NEC7XAKSENcZZZTV6ENKWSdgIiWReKGn2JrMt_9FImlM7ncQk9KQt15L4CPshpY-6gMnyXfowNMS9jY5K4BhuUU4umsiL1zdJlBhdK3saAqU9KdL9dzmgH1GqA?testcase_id=5199635119603712
Filer: ssamanoori

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jul 5 2016
Jul 8 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/4fb42e48b7175ccfabd887dc3ebb80a1697139e7

commit 4fb42e48b7175ccfabd887dc3ebb80a1697139e7
Author: yosin <yosin@chromium.org>
Date: Fri Jul 08 02:09:37 2016

Make EphemeralRange accept only valid positions

This patch introduces |DCHECK_LE(start, end)| for the start and end positions in the |EphemeralRange| constructor and changes call sites of the constructor for the wrong start/end parameter case, to catch wrong call sites for improving code health and ease of debugging.

This patch is intended to help find the root cause of crbug.com/624335, which causes a null pointer reference when iterating from |nodeAsRangeFirstNode()| of the start of the range to |nodeAsRangePastLastNode()| of the end of the range. We would like to know which call site makes this wrong range.

BUG=624335
TEST=Covered by existing test

Review-Url: https://codereview.chromium.org/2124213002
Cr-Commit-Position: refs/heads/master@{#404308}

[modify] https://crrev.com/4fb42e48b7175ccfabd887dc3ebb80a1697139e7/third_party/WebKit/Source/core/editing/EphemeralRange.cpp
[modify] https://crrev.com/4fb42e48b7175ccfabd887dc3ebb80a1697139e7/third_party/WebKit/Source/core/editing/spellcheck/SpellChecker.cpp
[modify] https://crrev.com/4fb42e48b7175ccfabd887dc3ebb80a1697139e7/third_party/WebKit/Source/core/editing/spellcheck/TextCheckingHelper.cpp
Jul 29 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6379286298886144
Fuzzer: inferno_layout_test_unmodified
Job Type: linux_asan_chrome_mp
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x000000000010
Crash State:
  blink::DocumentMarkerController::markersInRange
  blink::SpellCheckRequest::create
  blink::SpellChecker::chunkAndMarkAllMisspellingsAndBadGrammar
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=371741:371854
Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv96B8eonYEWaVg_wvckEgF6Sad-rStL9092_8mrBISv1GT9oSaN-Q6M5eGm1bQi8VgokgLF1yYUGCgdKwRT9EBretZrlKb_8MW8K-K_Kw6XEOURBmMzFyCmyeUH-sjNgH60CO90nfHreCilyJ8uLWIgZvTyZFg?testcase_id=6379286298886144
Filer: rnimmagadda

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Aug 3 2016
ClusterFuzz has detected this issue as fixed in range 409147:409160.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6379286298886144
Fuzzer: inferno_layout_test_unmodified
Job Type: linux_asan_chrome_mp
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x000000000010
Crash State:
  blink::DocumentMarkerController::markersInRange
  blink::SpellCheckRequest::create
  blink::SpellChecker::chunkAndMarkAllMisspellingsAndBadGrammar
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=371741:371854
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=409147:409160
Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv96B8eonYEWaVg_wvckEgF6Sad-rStL9092_8mrBISv1GT9oSaN-Q6M5eGm1bQi8VgokgLF1yYUGCgdKwRT9EBretZrlKb_8MW8K-K_Kw6XEOURBmMzFyCmyeUH-sjNgH60CO90nfHreCilyJ8uLWIgZvTyZFg?testcase_id=6379286298886144

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Aug 4 2016
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Apr 27 2017
Comment 1 by tkonch...@chromium.org, Jun 29 2016
Labels: findit-for-crash Te-Logged M-52
Owner: yosin@chromium.org
Status: Assigned (was: Available)