Crash in mayNeedPaintInvalidation |
|||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=5939005045866496 Fuzzer: mbarbella_js_mutation_layout Job Type: linux_lsan_chrome_mp Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x000000000041 Crash State: mayNeedPaintInvalidation mayNeedPaintInvalidation blink::LayoutObject::setMayNeedPaintInvalidation Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_lsan_chrome_mp&range=431655:431691 Minimized Testcase (0.30 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv96O0dWWlDrQ0cb0wKyCMoPweHgKAqZM4VPV2qUUg6oi3f2c8PDnm7ny2lph6luNgiAQVO37vio-gDr6ElGrOvNI_GndjFITCG-c6JOFJOLCjAH4Tu3ja7QSjBEHylChO128MCK2CRCKI7VFdP6CBgn7_KkqGg?testcase_id=5939005045866496 <body onload="__f_1();"> <script> function __f_0() { document.designMode = "on"; document.open(); var __v_0 = document.appendChild(document.createElement('iframe')); __v_0.focus(); document.execCommand("InsertHorizontalRule"); } runTest = __f_0; function __f_1() { runTest(); } </script> Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Nov 15 2016
ClusterFuzz has detected this issue as fixed in range 431813:431838. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5939005045866496 Fuzzer: mbarbella_js_mutation_layout Job Type: linux_lsan_chrome_mp Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x000000000041 Crash State: mayNeedPaintInvalidation mayNeedPaintInvalidation blink::LayoutObject::setMayNeedPaintInvalidation Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_lsan_chrome_mp&range=431655:431691 Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_lsan_chrome_mp&range=431813:431838 Minimized Testcase (0.30 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv96O0dWWlDrQ0cb0wKyCMoPweHgKAqZM4VPV2qUUg6oi3f2c8PDnm7ny2lph6luNgiAQVO37vio-gDr6ElGrOvNI_GndjFITCG-c6JOFJOLCjAH4Tu3ja7QSjBEHylChO128MCK2CRCKI7VFdP6CBgn7_KkqGg?testcase_id=5939005045866496 <body onload="__f_1();"> <script> function __f_0() { document.designMode = "on"; document.open(); var __v_0 = document.appendChild(document.createElement('iframe')); __v_0.focus(); document.execCommand("InsertHorizontalRule"); } runTest = __f_0; function __f_1() { runTest(); } </script> See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Nov 15 2016
ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||
►
Sign in to add a comment |
|||
Comment 1 by msrchandra@chromium.org
, Nov 14 2016Components: Blink>Paint>Invalidation
Labels: Test-Predator-Correct-CLs
Owner: ymalik@chromium.org
Status: Assigned (was: Untriaged)