count <= kGenericMaxDirectMapped / sizeof(T) in PartitionAllocator.h |
||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=5643797042298880 Fuzzer: inferno_twister Job Type: linux_asan_chrome_gpu Platform Id: linux Crash Type: Security CHECK failure Crash Address: Crash State: count <= kGenericMaxDirectMapped / sizeof(T) in PartitionAllocator.h blink::BlobData::appendBytes blink::Blob::populateBlobData Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_gpu&range=414680:414692 Minimized Testcase (0.42 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95ckCWK6EPpFwI3zbbktmkLvNdtsPzxJdfvUtrA0HKMumE92KIdksZ7ga9kCcPdt6DunHg-tkZCtDlNDBDRelArHgQ8ksEYyNhlYAJP81CFAoKwILpbCmatsYoSZOYLgPGR1-Mmh8niJ4esAdYRfzbnVIRemw?testcase_id=5643797042298880 Issue manually filed by: ajha See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Oct 17 2016
This is OOM.
,
Oct 18 2016
,
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Mar 31 2017
ClusterFuzz has detected this issue as fixed in range 460757:461046. Detailed report: https://clusterfuzz.com/testcase?key=5643797042298880 Fuzzer: inferno_twister Job Type: linux_asan_chrome_gpu Platform Id: linux Crash Type: Security CHECK failure Crash Address: Crash State: count <= kGenericMaxDirectMapped / sizeof(T) in PartitionAllocator.h blink::BlobData::appendBytes blink::Blob::populateBlobData Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_gpu&range=414680:414692 Fixed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_gpu&range=460757:461046 Reproducer Testcase: https://clusterfuzz.com/download/AMIfv95wRkVWL66mdgpy2vPqIcwWkg76eGKvU4ZZ8bDR9oCo0_LJqpRcgkcjWm4PNrbGTCxEW4bneVbXRyI82nhAMEU29P5lRSkjKRKoU1DAU_BzO4G4VnfRmMABYAORFZ6qbqHsi9CQOo8sc3p8DyOFDLm-g6yvUczPUy4W9qhbY2hLKcHEptX3tBv0tlMKpGt_For_onGvnDrVhqRqNPgoFGYKnUd-vHJEn-ZcQ7E5lTsOTFRFddj2UGvVPdXx0QIE48RjAA6_QY6W2eb3rlofBfFLkz7cV6rRJbI3YqZpaMA-IKGepg6TnLqeG3p9TV0ak1vMEbnprnvWtG9K9OliTwzocGUzdTIjgtuWqprta67HCrbkSnEdbFzwWCWA7ryAqeC0f9PachWxojGfavZHEXUpvoTaUw?testcase_id=5643797042298880 See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page. |
||||
►
Sign in to add a comment |
||||
Comment 1 by ajha@chromium.org
, Oct 17 2016Components: Blink>MemoryAllocator Tools>Test>FindIt>NoResult
Labels: M-56 Te-Logged
Owner: haraken@chromium.org
Status: Assigned (was: Untriaged)