Issue metadata
Crash in blink::Range::toString
Issue description
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6200862645157888
Fuzzer: lcamtuf_cross_fuzz
Job Type: linux_lsan_chrome_mp
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  blink::Range::toString
  blink::RangeV8Internal::toStringMethodCallback
  v8::internal::FunctionCallbackArguments::Call
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_lsan_chrome_mp&range=405744:405768
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_lsan_chrome_mp&range=407408:407421
Minimized Testcase (20.02 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97iWf3ipDDmlGjd_eo3ab5cfXRaFRUFbMY_jtmVtlAH82isFbwHP0fGm66aQoZRqaL09aPD78BzGfounEcA0LhpfxRTJMYiNTX0kcAmGkQU56Hz1bFk-RahJUdCIRST8Ez1R_YuTeNw6roxcskQ0sLStKA1Y1p6JA30rfPEwGnYHgp25ug?testcase_id=6200862645157888
Filer: rnimmagadda
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jul 26 2016
"Range" object is unrelated to Blink>Forms>Range.

Jul 26 2016
That was "Rename enums/functions that collide in chromium style in core/dom/". This should go to the owners of the DOM component I guess. tkent, do you know who that would be?

Jul 26 2016

Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Nov 30 2016
It is still not possible to access Minimized Testcase.

Dec 1 2016

Dec 1 2016
I cannot reproduce it, tried with AddressSanitizer. It is probably fixed already.

Dec 5 2016
I can't reproduce this at r435888. lcamtuf, I'm curious how stable these repros are over time--it seems like they would change behavior when we add or remove properties from browser host objects? a.obzhirov, re: comment 8, clusterfuzz's repros can be quite involved; there's a lot of state not in the callstack. CF says this is fixed in 407408:407421.
Comment 1 by rnimmagadda@chromium.org, Jul 26 2016
Labels: -Pri-1 -Type-Bug M-54 Findit-for-crash Te-Logged Pri-2 Type-Bug-Regression
Owner: danakj@chromium.org
Status: Assigned (was: Untriaged)