Issue metadata
Sign in to add a comment
|
Wild-access in blink::SVGAnimatedProperty<blink::SVGAngle,blink::SVGAngleTearOff,void>::updateA |
||||||||||||||||||||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=5321369397231616 Fuzzer: inferno_twister Job Type: windows_syzyasan_chrome Platform Id: windows Crash Type: Wild-access WRITE 4 Crash Address: 0x040a0097 Crash State: blink::SVGAnimatedProperty<blink::SVGAngle,blink::SVGAngleTearOff,void>::updateA blink::LayoutBox::clippingRect blink::PaintInvalidationState::updateForNormalChildren Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_syzyasan_chrome&range=411953:411957 Minimized Testcase (1.52 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97YD8xwoDhbQhukadZzQp9QO3_HLje-_iFblbG9lFNFKfPkNf4ej7-zePj8y1Bsg6RmY4xPgHfApPD6i3y19dRAwPDomi7Ajc2EH28pfkR54mUYLpXdMo6cbcKrb5J3SqTHzTue31eyEp3fAMDYweaMfTV7xA?testcase_id=5321369397231616 Issue manually filed by: mmoroz See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Aug 16 2016
,
Sep 6 2016
ClusterFuzz is analyzing your testcase. Developers can follow the progress at https://cluster-fuzz.appspot.com/testcase?key=5732486044975104
,
Dec 15 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by mmoroz@chromium.org
, Aug 16 2016Labels: Pri-1
Owner: e...@chromium.org