
Issue 628135

Starred by 1 user

Issue metadata

Status: WontFix
Owner:
Closed: Sep 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug




allocatedMinLogicalWidth <= cellMinLogicalWidth

Project Member Reported by ClusterFuzz, Jul 14 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5469247715409920

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: ASSERT
Crash Address: 
Crash State:
  allocatedMinLogicalWidth <= cellMinLogicalWidth
  blink::TableLayoutAlgorithmAuto::calcEffectiveLogicalWidth
  blink::TableLayoutAlgorithmAuto::computeIntrinsicLogicalWidths
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=268656:269696

Minimized Testcase (0.22 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv96rftMHURXHiL8GoXp1EmrG5PUv4jveTcBcoi3omGQ4W47iKvjvSRqjsJWyPdpSWQSTNwuwqAdGU2eF3dEDeXGTfc0PixWry5bSa3gJjjKmkTpp-ZcavUvo8XIei7kliqFHEO3fbkDGMf3Y-8p784rUXJpZ1Q?testcase_id=5469247715409920
<table cellspacing=0><td colspan=3>
								���� Personalize:��</tr>
<td width=28%><td width=44%>
		<table>
				<td>
				</table>
	<td width=28%><style>
* { animation-name: cfpulse90; word-spacing: 18446744073709551457mm;


Additional requirements: Requires HTTP

Filer: kavvaru

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Components: Blink>Layout Tools>Test>FindIt>CorrectResult
Labels: Te-Logged M-52
Owner: le...@chromium.org
Status: Assigned (was: Available)
No CL in the regression range changes the crashed files. The result is the blame information.

Author: jchaffraix@webkit.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/832bf0ee822cd6a9ac396a9de7b34138a87bc90c
Time: Wed Apr 18 23:07:51 2012
The CL last changed line 435 of file TableLayoutAlgorithmAuto.cpp, which is stack frame 0.

Author: leviw@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/521cc7dc7a3d4c6c565461a65f5f9dd9f1314cc2
Time: Fri Nov 04 00:56:59 2011
The CL last changed line 234 of file TableLayoutAlgorithmAuto.cpp, which is stack frame 1.

Author: dsinclair@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/1618938dede7873df2cb882d78345f29e0f145ce
Time: Sun Jan 25 07:25:02 2015
The CL last changed line 716 of file LayoutTable.cpp, which is stack frame 2.

Author: ojan@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/5a5c967647e32edb4e8e91ba83c04e6ef07cf9b0
Time: Mon Mar 11 23:20:56 2013
The CL last changed line 725 of file LayoutTable.cpp, which is stack frame 3.

Author: dsinclair@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/f5ea6de097cb98ed2d92b2b5a70ffbde56991dee
Time: Tue Feb 24 17:59:27 2015
The CL last changed line 1042 of file LayoutBox.cpp, which is stack frame 4.

Author: dgrogan
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/9428cfb16993a2329e87c65da096ca295132ef0f
Time: Thu May 19 08:29:28 2016
The CL last changed line 285 of file LayoutTable.cpp, which is stack frame 5.

Author: leviw@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/4e561fb8a914c3a7fd75ae5e1bcc446418b69b92
Time: Thu Mar 20 19:16:36 2014
The CL last changed line 461 of file LayoutTable.cpp, which is stack frame 6.

Suspected Project: chromium-blink
Suspected Component: Blink>Layout
======================

From the above CL, the changes made to the file "TableLayoutAlgorithmAuto.cpp" from frame 1 are more related to it. Hence assigning this to @leviw.

leviw@ Could you please look into this issue if it is related to your change, else please route this to an appropriate owner for this issue.

Thanks,
Cc: e...@chromium.org
Owner: ----
Status: Untriaged (was: Assigned)
leviw@ is no longer working on Chromium.

Comment 3 by e...@chromium.org, Jul 14 2016

Cc: -e...@chromium.org dgro...@chromium.org
Components: -Blink>Layout Blink>Layout>Table
Labels: -Pri-1 Pri-2
Status: Available (was: Untriaged)
Project Member

Comment 4 by ClusterFuzz, Aug 5 2016

Labels: Stability-UndefinedBehaviorSanitizer
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6159364920705024

Fuzzer: inferno_twister
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  blink::TableLayoutAlgorithmAuto::calcEffectiveLogicalWidth
  blink::TableLayoutAlgorithmAuto::computeIntrinsicLogicalWidths
  blink::LayoutTable::computePreferredLogicalWidths
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=370022:370027

Minimized Testcase (0.49 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv94owITng-6gSEzjFSLX4_dThbgq9knlMmhWzQMKpOLEb6eylQfCFJMduT6zs-xmFz-kBRiFX4uwuTW4QUWbBnHYSOVrQrx0yQF33v7xzfXQG1f7rKL6lhmoeEj7bUBjeLtVBP5nx1ScjyBzh9GY6VY0gI-oIQ?testcase_id=6159364920705024
<table><td>&#x53d4;	&#xe20c;*
&#x117d;
|&#x31d6;	@ &#xc4a27;	!N	v&#xe45b;	&#xe397; 	+4;	/q&#xcdd98;R	&#xfa9c;9&#xe751;
&#xe199;
&#x1150e; U&#xef57; Y&#x5243;f	&#x9357; &#x9a7a;i	&#x481c;&#xfadf;
u2&#x9293; 0&#x9f0dd;	&#xb21f;	&#x8492;	f
&#x8bff6;	~r&#xf418;	&#x7f7f; Ud
)
y &#xa66c8;	AL	&#x909c9;   &#xe67d;	&#x4734;&#xf5e2;
&#x7298;  &#x5d21;j	&#xcd61;&#x9f61;
&#x6754;	&#x587c;	M&#x74c70;	&#x39f1; id=tCF8</tr>
    <td colspan=2 width=100%><style>
* { animation-name: cfpulse99; word-spacing: 32717pc;


Issue manually filed by: ranjitkan

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Project Member

Comment 5 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Cc: -dgro...@chromium.org msrchandra@chromium.org
Labels: Test-Predator-Wrong-CLs
Owner: dgro...@chromium.org
Status: Assigned (was: Available)
Unable to find possible suspect using Find it and CL.
Using Code Search for the file "TableLayoutAlgorithmAuto.cpp", assigning to the concerned owner.

Suspecting the Commit# 
https://chromium.googlesource.com/chromium/src/+/89679f28e6d6e9ccd751f0314cb9ba6a0b455bc0

@dgrogan -- Could you please look into the issue, kindly re-assign if this is not related to your change.
Thank You.
Project Member

Comment 7 by ClusterFuzz, Sep 23 2017

Status: WontFix (was: Assigned)
ClusterFuzz testcase 5469247715409920 is flaky and no longer crashes, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
