Issue metadata
Stack-buffer-underflow in blink::LazyLineBreakIterator::LazyLineBreakIterator
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5161022052892672
Fuzzer: bj_broddelwerk
Job Type: windows_asan_chrome
Platform Id: windows
Crash Type: Stack-buffer-underflow READ 4
Crash Address: 0x003e472c
Crash State:
blink::LazyLineBreakIterator::LazyLineBreakIterator
blink::BreakingContext::handleText
blink::LineBreaker::nextLineBreak
Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_asan_chrome&range=409973:409977
Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97b40NhaIeWsv9ytKXOkJQaFiFSuC6YKg6X0r0wahHqYMlWlusQjirBuDYQ-tc_qcDOBRvCZZdEVKAkstuwbIvVKS0GMvkRfCrIBrdxPv5cISt3oDs1UTIHJ9GfyoL6fKfUfOipj-WMzCTkswn8sfSnhYYEtKj35viOWJTXh7Gv0ec_NoA?testcase_id=5161022052892672
Issue manually filed by: mbarbella
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Aug 6 2016
dgrogan and mstensho@opera.com have made some recent changes to third_party/WebKit/Source/core/layout/line/LineBreaker.cpp
Aug 6 2016
Aug 6 2016
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Aug 6 2016
I think this is a regression from https://chromium.googlesource.com/chromium/src/+/046282e7297e25453ff3a589675dc618a5cc4a90. Windows ASAN was broken for a while; this is only reproducing on Windows. This is crashing a ton on ClusterFuzz, please take a look soon.
Aug 7 2016
Aug 9 2016
If this is Windows-only, it's hard for me to do anything here, since I'm on Linux. Could someone on Windows confirm that my CL is to blame?
Aug 9 2016
Even ClusterFuzz considers this not to be reproducible. Requested another set of runs to see if it can identify a regression range. Without either a regression range or a reliable repro there really isn't much we can do.
Aug 10 2016
Well, the problem is Clang ASAN was broken again after the last roll. Now that issue is fixed, so we should get new repros, but we won't get a regression range. The really weird part is that this is only reproducing on Windows.
Aug 11 2016
Requested a new run and ClusterFuzz still considers this not to be reproducible. It also gave the following regression range, which doesn't make much sense: https://chromium.googlesource.com/chromium/src/+log/4f70f4aa155228044960e6521266c22e9f4e5539..ca4931526f851d5eb74bcb22b85af36a260f12c2?pretty=fuller
Aug 11 2016
Nov 27 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by raymes@chromium.org
Aug 6 2016
Components: Blink>Layout
Labels: Pri-1
Owner: e...@chromium.org
Status: Assigned (was: Untriaged)