Crash in blink::toScriptLoaderIfPossible |
|||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=5697047965728768 Fuzzer: inferno_layout_test_unmodified Job Type: linux_asan_content_shell_drt Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x000000000010 Crash State: blink::toScriptLoaderIfPossible blink::HTMLScriptRunner::runScript blink::HTMLScriptRunner::execute Minimized Testcase (0.48 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv97zE21jbfHjDDqM7sRwYHeTDAqPH5vH8MBaiiEPBNwwaK_FdV4YwFu3Wdx0xBTa6wFsfv3stAdFb7EGem71HeVAWT63F_YN-cuLhnEaXFkUjLfKds2A0_yQcSwDbVvcH8y_SLemUIWErLFa87hJmJkG6pJjLw?testcase_id=5697047965728768 <style> @import url(N#Va_=l|3M&</style> <script> function eventhandler8() { /*Document*/ var var00102 = document; //line 111 /*Node*/ var var00103 = var00102; //line 112 /*HTMLDocument*/ var var00267 = document; //line 303 /*XMLSerializer*/ var var00268 = new XMLSerializer(); //line 304 /*DOMString*/ var var00269 = var00268.serializeToString(var00103); //line 305 var00267.writeln(var00269); //line 306 } </script> <style onload="eventhandler8()"></style> <iframe> Filer: mmohammad See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Jul 2 2016
ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||
►
Sign in to add a comment |
|||
Comment 1 by ClusterFuzz
, Jul 2 2016