Crash in blink::WebString::WebString |
||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=5644267520524288 Fuzzer: inferno_twister Job Type: mac_asan_chrome Platform Id: mac Crash Type: UNKNOWN READ Crash Address: 0x000000000270 Crash State: blink::WebString::WebString blink::WebURL::WebURL blink::WebDocument::url Regressed: https://cluster-fuzz.appspot.com/revisions?job=mac_asan_chrome&range=434476:434480 Minimized Testcase (0.59 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv95bOsvzHsotdJ_d2DuWqTA2b-kYeiKo86_-5Gi0RT1QjZuDdGmR_4U5O3iLdOQqXs394IjmcuaUaL_Mz-Df6-BaBTAjypYWRlwcauI-sXnj2DMDLPG_HlE7uY7zjq4uvXMj-W4FUxb2d8PYuXnHr_wedOJjTg?testcase_id=5644267520524288 ><script> window.gc(); function eventhandler7() { /*string_event*/ var var00013 = "webkitprerenderload"; //line 15 /*DOMWindow*/ var var00215 = window; //line 240 /*long*/ var var00296 = var00215.setTimeout("eventhandler7()"); //line 328 var00215.close(); //line 378 /*DOMWindow*/ var var00357 = window; //line 396 /*string*/ var var00358 = "j&{9LqMW00c"; //line 397 /*string*/ var var00359 = Array(31); //line 398 /*DOMWindow*/ var var00360 = var00357.open(var00358,var00359,var00013); //line 399 } </script> M蝆<iframe onload=eventhandler7() id=tCF2</iframe> Additional requirements: Requires HTTP Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Dec 8 2016
I don't believe my change could cause a crash like it. I'll take a quick look and see if I can fix it or can find someone more appropriate to re-assign.
,
Jan 7 2017
ClusterFuzz testcase 5644267520524288 is flaky and no longer reproduces, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue. |
||
►
Sign in to add a comment |
||
Comment 1 by msrchandra@chromium.org
, Dec 2 2016Labels: Test-Predator-Wrong-CLs
Owner: kinuko@chromium.org
Status: Assigned (was: Untriaged)