New issue
Advanced search Search tips

Issue 636211 link

Starred by 1 user
Status: WontFix
Owner:
wangxianzhu@chromium.org
Closed: Oct 2016
Cc:
nyerramilli@chromium.org
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 1
Type: Bug



Sign in to add a comment

Crash in blink::InlineBox::operator

Project Member Reported by ClusterFuzz, Aug 10 2016 
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5658792203386880

Fuzzer: bj_broddelwerk
Job Type: windows_asan_content_shell
Platform Id: windows

Crash Type: UNKNOWN READ
Crash Address: 0x00000b9c
Crash State:
  blink::InlineBox::operator
  blink::MidpointState<blink::InlineIterator>::addMidpoint
  blink::BreakingContext::handleText
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_asan_content_shell&range=405740:410785

Minimized Testcase (1.25 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96ceYnxkMzPNSFoVaZ94mIxhk5SUmvVO_N6GqTMCgH2IYWKmo2lKHoErWRwKR7qCrnom6z9jX8br1pJLca483vqz5E6LeGR6Vk3UTXxi_JlMXXsFRqTnurLe9XINWJZryVpg77QX5dNrRBJbUZs_Eg0I5y3UA?testcase_id=5658792203386880

Issue manually filed by: nyerramilli

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by nyerramilli@chromium.org, Aug 10 2016

Cc: nyerramilli@chromium.org
Components: Tools>Test>FindIt>NoResult
Labels: M-54 findit-wrong Te-Logged
Owner: glebl@chromium.org
Status: Assigned (was: Untriaged)
seeing some changes to 'LayoutBlockFlow.cpp' in 
https://chromium.googlesource.com/chromium/src/+/c6d69f896f406c9a7801b29cb8c02a88e5b01770

glebl@, Could you please check the above issue & help us in finding an owner it its not yours.

note: Findit did not provide any information.

Comment 2 by glebl@chromium.org, Aug 10 2016

Owner: ----
https://crrev.com/409303 was reverted a week ago.

Comment 3 by tkonch...@chromium.org, Oct 4 2016

Components: -Tools>Test>FindIt>NoResult Tools>Test>FindIt>CorrectResult
Labels: -findit-wrong -M-54 M-55
Owner: wangxianzhu@chromium.org
Suspected CLs	The result is a list of CLs that change the crashed files.

Author: Xianzhu Wang
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/f6c6259fca56e59fdb6d420f6d809d2c6c8cbdca
Time: Thu Jul 21 18:55:40 2016
File InlineBox.cpp is changed in this cl (and is part of stack frame #6, "blink::InlineBox::operator new")
Minimum distance from crash line to modified line: 10. (file: InlineBox.cpp, crashed on: 81, modified: 71).

Suspected Project: chromium
Suspected Component: Blink>Layout

Please reassign if this is not related to your change.

Comment 4 by wangxianzhu@chromium.org, Oct 7 2016

Status: WontFix (was: Assigned)
The test crashes during asan_malloc, so this seems not a problem of the caller. It's either an OOM or a problem of asan itself.
Project Member

Comment 5 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment