Issue 640490

Issue metadata

Status: Fixed
Owner:
Closed: Sep 2016
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 1
Type: Bug
Crash in blink::SpellCheckRequest::isValid

Project Member Reported by ClusterFuzz, Aug 24 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6326551681695744

Fuzzer: bj_broddelwerk
Job Type: windows_syzyasan_chrome
Platform Id: windows

Crash Type: UNKNOWN
Crash Address: 0x0000000b
Crash State:
  blink::SpellCheckRequest::isValid
  WTF::Vector<blink::TextCheckingResult,0,WTF::PartitionAllocator>::expandCapacity
  blink::SpellCheckRequest::didSucceed
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_syzyasan_chrome&range=413785:413791

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94mx7MuIJoV61TNXdiwD87M2FpjCyPKSwH9CyfivfiF8-sLYOWhdOeLC4aEFeulj1j_Dn8Wd0FLraOUh-6A8Nsr8tXWLVmDolhtSj7Qggqb0BNnV_LGcW_k69OukVkv2vXNroSff4I6IfVkWFGDndpq7z3JgwDTqxSgsazWK52SZvrsSIk?testcase_id=6326551681695744


Issue manually filed by: durga.behera

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Components: Tools>Test>FindIt>WrongResult UI>Browser>Spellcheck
Labels: M-54 Te-Logged
Owner: xiaoche...@chromium.org
Status: Assigned (was: Untriaged)
Suspected CLs
=============
No CL in the regression range changes the crashed files. The result is the blame information.

Author: shinyak@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/acb38b0ab5acfa3327e57f2d2bed9d7626d0f2d0
Time: Thu Apr 19 18:58:23 2012
The CL last changed line 476 of file spellcheck.cc, which is stack frame 4.

Author: tzik
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/99de02ba952b0a69291f81c5b8ca14d81cc1f74f
Time: Fri Jul 01 05:54:12 2016
The CL last changed line 214 of file bind_internal.h, which is stack frame 5.

Author: tzik
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/99de02ba952b0a69291f81c5b8ca14d81cc1f74f
Time: Fri Jul 01 05:54:12 2016
The CL last changed line 303 of file bind_internal.h, which is stack frame 6.

=========================
Suspected Project: chromium

This is impacting the head.
From a code search on the crashed file "spellcheckrequester.cpp", I suspect the CL below.
Suspect: https://codereview.chromium.org/2252973002
xiaochengh@: Could you please take a look into this, if it's related to your change?
I haven't been able to reproduce the crash.

Hopefully, it's already fixed by r413942.
Prior to r413942, the test case hits a DCHECK in EphemeralRange's constructor; with that revision it does not crash anymore. Hence marking the issue as fixed.

Not sure how to update ClusterFuzz's report, though...
Status: Fixed (was: Assigned)
Components: -Tools>Test>FindIt>WrongResult
Labels: Test-Predator-Wrong
Comment 6 by sheriffbot@chromium.org (Project Member), Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Components: -UI>Browser>Spellcheck UI>Browser>Language>Spellcheck