Issue metadata
Sign in to add a comment
|
Bad-cast to blink::LayoutBox from blink::LayoutSVGEllipse;blink::LayoutObject::positionForPoint;blink::LayoutBox::clippingRect |
||||||||||||||||||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=4868190553505792 Fuzzer: inferno_twister Job Type: linux_cfi_chrome Platform Id: linux Crash Type: Bad-cast Crash Address: 0x7f8916f02268 Crash State: Bad-cast to blink::LayoutBox from blink::LayoutSVGEllipse blink::LayoutObject::positionForPoint blink::LayoutBox::clippingRect Recommended Security Severity: High Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_cfi_chrome&range=411752:411843 Minimized Testcase (0.13 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv94DRL-dS_2LgWexOmZW_lYWVbvfAklACrnS-hO9i6g79kIK4lDnJRLu3TWeIoGDfCX8XDPbHMh6k1pg40s5nfie0XYItmT0YXNiJQQomCv8Ah4Aj2Bqjr8dCXE1Ox0pRExRLlJkjXPmxAqku3pdjb3dkuqhcw?testcase_id=4868190553505792 <svg> <circle stroke=black</body><style> *:nth-last-of-type(odd) { animation: move 142.304131336s both -16ms; contain: strict; Issue manually filed by: mmoroz See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Aug 17 2016
ClusterFuzz has detected this issue as fixed in range 412277:412329. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4868190553505792 Fuzzer: inferno_twister Job Type: linux_cfi_chrome Platform Id: linux Crash Type: Bad-cast Crash Address: 0x7f8916f02268 Crash State: Bad-cast to blink::LayoutBox from blink::LayoutSVGEllipse blink::LayoutObject::positionForPoint blink::LayoutBox::clippingRect Recommended Security Severity: High Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_cfi_chrome&range=411752:411843 Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_cfi_chrome&range=412277:412329 Minimized Testcase (0.13 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv94DRL-dS_2LgWexOmZW_lYWVbvfAklACrnS-hO9i6g79kIK4lDnJRLu3TWeIoGDfCX8XDPbHMh6k1pg40s5nfie0XYItmT0YXNiJQQomCv8Ah4Aj2Bqjr8dCXE1Ox0pRExRLlJkjXPmxAqku3pdjb3dkuqhcw?testcase_id=4868190553505792 <svg> <circle stroke=black</body><style> *:nth-last-of-type(odd) { animation: move 142.304131336s both -16ms; contain: strict; See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Aug 17 2016
ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Aug 17 2016
,
Nov 23 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||
Comment 1 by mmoroz@chromium.org
, Aug 16 2016Components: Blink>Layout
Labels: Pri-1
Owner: chrishtr@chromium.org