Stack-overflow in blink::CSSSelector::selectorText
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6708128179814400

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_lsan_chrome_mp
Platform Id: linux

Crash Type: Stack-overflow
Crash Address: 0x7ffd8ac83fe8
Crash State:
  blink::CSSSelector::selectorText
  blink::CSSSelector::selectorText
  blink::CSSSelector::selectorText

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_lsan_chrome_mp&range=259056:259494

Minimized Testcase (5.75 Kb): https://cluster-fuzz.appspot.com/download/AMIfv947zL9J0BpKZGbA2jEuMfxoKje8Q9rdSunurtwNdmGbUlI1L3LGTL_8ZRdSDAzVx9453jVE8krZBBwefIOs5pNQiNMb97dhwlhm-SVQnJuQuad5qoa-pxw89eW6tirC9rKZklEsPtoIbROD3ZjAjMsIT_58fA?testcase_id=6708128179814400

Filer: shans

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jul 21 2016
Jul 21 2016
Minimized test case contains the following line:
shouldBe("rule().selectorText = selectorListWithLength(8192); rule().selectorText");
so probably just due to a very large query?
Jul 22 2016
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by dtapu...@chromium.org, Jul 20 2016
Status: Untriaged (was: Available)