Issue 627838 link

Starred by 1 user

Issue metadata

Status:	Duplicate
Owner:	----
Closed:	Jul 2016
EstimatedDays:	----
NextAction:	----
OS:	Windows
Pri:	----
Type:	Bug-Security
Reproducible Hotlist-SyzyASAN Security_Severity-High allpublic Clusterfuzz

Heap-use-after-free in blink::LayoutTableSection::markAllCellsWidthsDirtyAndOrNeedsLayout

Project Member Reported by ClusterFuzz, Jul 13 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6072046744502272

Fuzzer: inferno_twister
Job Type: windows_syzyasan_content_shell
Platform Id: windows

Crash Type: Heap-use-after-free READ 4
Crash Address: 0x0118ecab
Crash State:
  blink::LayoutTableSection::markAllCellsWidthsDirtyAndOrNeedsLayout
  blink::LayoutTableSection::styleDidChange
  blink::LayoutObject::setStyle
  
Recommended Security Severity: High


Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv96GWpRDrQ5cPPwwaKDFxVPJ9fapeU_1AFlU1VOY8Q1GRjg5zJSoqCJ_89FjYrpoMxnFOemPryVL6RPcuhTmX8hqmUOuAv9dK_mj9wbDlndFZLKok0EJQQ4mzhQSGcflHGd3YUPmrKUkI6KHWcNy9bE3xMSFYpnk1Mzla2gsSYbYJpZvrbM?testcase_id=6072046744502272


Filer: mmoroz

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by mmoroz@chromium.org, Jul 13 2016

Mergedinto: 627839
Status: Duplicate (was: Available)

Project Member

Comment 2 by sheriffbot@chromium.org, Oct 21 2016

Labels: -Restrict-View-SecurityTeam allpublic

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

►

Issue 627838 link

Issue metadata

Heap-use-after-free in blink::LayoutTableSection::markAllCellsWidthsDirtyAndOrNeedsLayout

Issue description

Comment 1 by mmoroz@chromium.org, Jul 13 2016

Comment 1 Deleted

Comment 2 by sheriffbot@chromium.org, Oct 21 2016

Comment 2 Deleted

Sign in to add a comment