Crash in blink::LayoutTextControl::getAvgCharWidth
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4984912272949248

Fuzzer: meacer_chromebot_extensions
Job Type: linux_asan_chrome_v8_arm
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x00000044
Crash State:
  blink::LayoutTextControl::getAvgCharWidth
  blink::LayoutTextControlMultiLine::getAvgCharWidth
  blink::LayoutTextControl::computeIntrinsicLogicalWidths

Minimized Testcase (48.23 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95hT2oScO86xdcL5SJSx9hAI6fp5HNvRGSfJPeryJqhw6F9ZVNjaxmpeKl6W_KyzoFKw05ZCT8PEdeA294rOPoL_9zGvSUavu09b3Hnwkq_WPy96P1RoSqbx_ZLP3JslhBI6UNFz104ZpeuLrdW-eavVZUl9H62hhiadonilKoc0sZPcTY?testcase_id=4984912272949248

Filer: rnimmagadda

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Jul 14 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/c37d7c08fe436fe0f53245eff661ada8c420a849

commit c37d7c08fe436fe0f53245eff661ada8c420a849
Author: eae <eae@chromium.org>
Date: Wed Jul 13 23:59:30 2016

Check for primaryFont in LayoutTextControl::getAvgCharWidth

Change LayoutTextControl::getAvgCharWidth to check if primaryFont is set
before attempting to access it falling back on measuring the width of 0.

BUG= 627818
R=cbiesinger@chromium.org

Review-Url: https://codereview.chromium.org/2149683002
Cr-Commit-Position: refs/heads/master@{#405355}

[modify] https://crrev.com/c37d7c08fe436fe0f53245eff661ada8c420a849/third_party/WebKit/Source/core/layout/LayoutTextControl.cpp

Jul 14 2016

ClusterFuzz has detected this issue as fixed in range 405185:405467.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4984912272949248

Fuzzer: meacer_chromebot_extensions
Job Type: linux_asan_chrome_v8_arm
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x00000044
Crash State:
  blink::LayoutTextControl::getAvgCharWidth
  blink::LayoutTextControlMultiLine::getAvgCharWidth
  blink::LayoutTextControl::computeIntrinsicLogicalWidths

Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_v8_arm&range=405185:405467

Minimized Testcase (48.22 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96GoFe31-h8E5yCd6XQxwyllAfSstaoVyIITiH2mJMM8kuiFoJOa-RQ8sCb8zvczNHiUAILWrW5V4DxyMzo1_TbAwZAL1m3a9xWAdNxFepxSG8B7AOt-ob-mbkvN1YFvb_rD9nPPGw2oEIpEwVwGfp2XwcxOjq89Yj94K1nnXuJgz001zY?testcase_id=4984912272949248

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Nov 22 2016

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 1 by rnimmagadda@chromium.org, Jul 13 2016
Labels: -Type-Bug M-54 findit-wrong Te-Logged Type-Bug-Regression
Owner: cbiesin...@chromium.org
Status: Assigned (was: Available)