timloh: could you please take a look at this? Thanks!

This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Looks the same as 631368.

ClusterFuzz has detected this issue as fixed in range 410916:411073.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5940262566363136

Fuzzer: inferno_twister
Job Type: mac_asan_content_shell
Platform Id: mac

Crash Type: Heap-buffer-overflow READ 8
Crash Address: 0x6240011aa0f8
Crash State:
  blink::getPropertyNameAtomicString
  blink::getPropertyNameString
  blink::InlineStylePropertyMap::getProperties
  
Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=mac_asan_content_shell&range=407415:407421
Fixed: https://cluster-fuzz.appspot.com/revisions?job=mac_asan_content_shell&range=410916:411073

Minimized Testcase (2.04 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96SmGGL5AvmJcT5UFf5anWAqb407py8WUPBoYpcCuALA0Q6pI64m4K-10MLKedzfd4oWoym7rkD9Z27wodQjpX88pJzjCa-1TTNsn-cBQ-0d7GoOuhVtnVYpnCxFcRvvS7yekVpvykC9KD_J1ggOGAmPhnVnw?testcase_id=5940262566363136

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot