Issue 628528

Starred by 1 user

Issue metadata

Status: Duplicate
Merged: issue 620952
Owner:
Closed: Jul 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 1
Type: Bug
ranges.size() == run.length() in Font.cpp

Project Member Reported by ClusterFuzz, Jul 15 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6039437540851712

Fuzzer: inferno_twister_custom_bundle
Job Type: mac_asan_chrome
Platform Id: mac

Crash Type: CHECK failure
Crash Address: 
Crash State:
  ranges.size() == run.length() in Font.cpp
  blink::Font::individualCharacterRanges
  blink::LayoutSVGInlineText::addMetricsFromRun
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=mac_asan_chrome&range=402879:403138

Minimized Testcase (0.67 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94A2mgr60TTQOmTgKYIHgInWSaNbZhtoq_pCwn9b0Z-Tef4-HD7pLXBNU8yRPZxOCc9yH6UmBODX2QcUQWdGuciHLph5phmoAfDY0bUuuj8tqBR3_hhBFcdnhd4C-FQynHurDE3p3LnrzkfumCqkKsmqUwQGQ?testcase_id=6039437540851712

Additional requirements: Requires HTTP

Filer: kavvaru

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Components: Tools>Test>FindIt>NoResult Blink>Fonts
Labels: Te-Logged M-53
Owner: suzyh@chromium.org
Status: Assigned (was: Available)
Regression CL
==============
https://chromium.googlesource.com/chromium/src/+log/ce612ebdb8874b563d020338969f20f227b8dd9f..84054e7c733cf2554838dcd3571494d37b3c97de?pretty=fuller

Possible suspect from the above CL range:
https://codereview.chromium.org/2093423002

suzyh@ could you please look into this issue if it is related to your change, else please route this to an appropriate owner for this issue.

Thanks,

Comment 2 by f...@opera.com, Jul 15 2016

Cc: pdr@chromium.org
Comment 3 by sheriffbot@chromium.org (Project Member), Jul 15 2016

Labels: -M-53 M-54 MovedFrom-53
Moving this nonessential bug to the next milestone.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 4 by suzyh@chromium.org, Jul 18 2016

Cc: suzyh@chromium.org
Owner: hirosh...@chromium.org
My CL identified above is just moving some tests from one location to another. I've got another couple of changes in the specified CL range but don't see how they would be connected either.

+hiroshige
https://codereview.chromium.org/2108033005 touches fonts/mac/FontCacheMac.mm, which is at least in the right ballpark for a font-related crash on Mac, although the CL description suggests it was supposed to be a no-op change. hiroshige, can you take a look?

I've pressed the redo button on clusterfuzz in case it's a flake.

Comment 5 by pdr@chromium.org, Jul 21 2016

Mergedinto: 620952
Owner: pdr@chromium.org
Status: Duplicate (was: Assigned)
This is caused by https://chromium.googlesource.com/chromium/src/+/e4ff7ba1cfab002517238841505ca9bb7aff6595 and is a known issue on the old version of mac run by clusterfuzz. We're actively looking for repros on other platforms though.

Merging into 620952.
Components: -Tools>Test>FindIt>NoResult
Comment 7 by sheriffbot@chromium.org (Project Member), Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot