This appears to be a run-of-the-mill exhaustion of memory using createTextNode with a fixed size. I don't see anything that suggests an integer overflow.

(chrome_child.dll -partitions.cpp:123 )	WTF::partitionsOutOfMemoryUsing2G
(chrome_child.dll -partitions.cpp:181 )	WTF::Partitions::handleOutOfMemory()
(chrome_child.dll -partitionalloc.cpp:343 )	WTF::partitionOutOfMemory
(chrome_child.dll -partitionalloc.cpp:892 )	WTF::partitionAllocSlowPath(WTF::PartitionRootBase *,int,unsigned int,WTF::PartitionBucket *)
(chrome_child.dll -stringimpl.cpp:348 )	WTF::StringImpl::createUninitialized(unsigned int,wchar_t * &)
(chrome_child.dll -v8stringresource.cpp:127 )	blink::v8StringToWebCoreString<WTF::String>(v8::Local<v8::String>,blink::ExternalMode)
(chrome_child.dll -v8stringresource.h:218 )	blink::V8StringResource<1>::operator WTF::String()
(chrome_child.dll -v8document.cpp:4037 )	blink::DocumentV8Internal::createTextNodeMethod
(chrome_child.dll -api-arguments.cc:19 )	v8::internal::FunctionCallbackArguments::Call(void (*)(v8::FunctionCallbackInfo<v8::Value> const &))
(chrome_child.dll -builtins-api.cc:106 )	v8::internal::`anonymous namespace'::HandleApiCallHelper<0>
(chrome_child.dll -builtins-api.cc:135 )	v8::internal::Builtin_Impl_HandleApiCall
(chrome_child.dll -builtins-api.cc:123 )	v8::internal::Builtin_HandleApiCall(int,v8::internal::Object * *,v8::internal::Isolate *)
(chrome_child.dll -execution.cc:139 )	v8::internal::`anonymous namespace'::Invoke
(chrome_child.dll -execution.cc:176 )	v8::internal::Execution::Call(v8::internal::Isolate *,v8::internal::Handle<v8::internal::Object>,v8::internal::Handle<v8::internal::Object>,int,v8::internal::Handle<v8::internal::Object> * const)
(chrome_child.dll -api.cc:1945 )	v8::Script::Run(v8::Local<v8::Context>)

ClusterFuzz is analyzing your testcase. Developers can follow the progress at https://cluster-fuzz.appspot.com/testcase?key=5488223070715904

Hi , 

Please let me know why the status in wont fix , is Clusterfuzz is analyzing my testcases ?
If yes so please grant me the permission as well to view the Bug Track.
Please advice.

Thank you 

ClusterFuzz can't reproduce this testcase and the stack points towards out of memory which is not a security vulnerability.
https://dev.chromium.org/Home/chromium-security/security-faq#TOC-Are-denial-of-service-issues-considered-security-bugs-

Hi , 

But please have a look on the attached POC the chromium , chrome runs out of memory , however I have able to produce crash as well.

Crash ID 5a738419-1b1b-40bd-8cb5-31c0ee953fae

However i woudld request please have a look on the this :

ftw@warmachine:~$ chromium-browser --debug --single-process int.html 
# Env:
#     LD_LIBRARY_PATH=/usr/lib/chromium-browser:/usr/lib/chromium-browser/libs
#                PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
#            GTK_PATH=
# CHROMIUM_USER_FLAGS=
#      CHROMIUM_FLAGS=  --enable-pinch
/usr/bin/gdb /usr/lib/chromium-browser/chromium-browser -x /tmp/chromiumargs.8weQ5F
GNU gdb (Ubuntu 7.11.1-0ubuntu1~16.04) 7.11.1
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/lib/chromium-browser/chromium-browser...(no debugging symbols found)...done.
(gdb) run 
Starting program: /usr/lib/chromium-browser/chromium-browser --enable-pinch --single-process int.html
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7fffe27f4700 (LWP 4560)]
[New Thread 0x7fffe1ff3700 (LWP 4565)]
[New Thread 0x7fffdb184700 (LWP 4566)]
[New Thread 0x7fffda983700 (LWP 4567)]
[New Thread 0x7fffda182700 (LWP 4568)]
[New Thread 0x7fffd8fde700 (LWP 4569)]
[New Thread 0x7fffc7fff700 (LWP 4570)]
[New Thread 0x7fffc77fe700 (LWP 4572)]
[New Thread 0x7fffc6ffd700 (LWP 4573)]
[New Thread 0x7fffc67fc700 (LWP 4574)]
[New Thread 0x7fffe0007700 (LWP 4576)]
[New Thread 0x7fffc5ffb700 (LWP 4575)]
[New Thread 0x7fffc57fa700 (LWP 4577)]
[New Thread 0x7fffc4ff9700 (LWP 4578)]
[New Thread 0x7fffa6ea0700 (LWP 4579)]
[New Thread 0x7fffa669f700 (LWP 4580)]
[New Thread 0x7fffa5e9e700 (LWP 4581)]
[New Thread 0x7fffa569d700 (LWP 4582)]
[New Thread 0x7fffa4e9c700 (LWP 4583)]
[New Thread 0x7fff8ffff700 (LWP 4584)]
[New Thread 0x7fff8f7fe700 (LWP 4585)]
[New Thread 0x7fff8effd700 (LWP 4586)]
[New Thread 0x7fff8e7fc700 (LWP 4587)]
[New Thread 0x7fff8d8c4700 (LWP 4588)]
[New Thread 0x7fff8ce40700 (LWP 4668)]
[New Thread 0x7fff6bffd700 (LWP 4669)]
[New Thread 0x7fff6b7fc700 (LWP 4670)]
[New Thread 0x7fff6affb700 (LWP 4671)]
[4556:4584:1209/092753:ERROR:proxy_service_factory.cc(128)] Cannot use V8 Proxy resolver in single process mode.
[New Thread 0x7fff6a7fa700 (LWP 4672)]
[4556:4584:1209/092753:ERROR:proxy_service_factory.cc(128)] Cannot use V8 Proxy resolver in single process mode.
[New Thread 0x7fff69ff9700 (LWP 4673)]
[Thread 0x7fff69ff9700 (LWP 4673) exited]
[New Thread 0x7fff695e6700 (LWP 4674)]
[New Thread 0x7fff68a53700 (LWP 4675)]
[New Thread 0x7fff5146f700 (LWP 4676)]
[New Thread 0x7fff50c6e700 (LWP 4677)]
[New Thread 0x7fff47fff700 (LWP 4678)]
[New Thread 0x7fff477fe700 (LWP 4679)]
[New Thread 0x7fff46ffd700 (LWP 4680)]
[New Thread 0x7fff467fc700 (LWP 4681)]
[New Thread 0x7fff45ffb700 (LWP 4682)]
[New Thread 0x7fff3c60e700 (LWP 4762)]
[Thread 0x7fff3c60e700 (LWP 4762) exited]
[New Thread 0x7fff3c60e700 (LWP 4763)]
[Thread 0x7fffd8fde700 (LWP 4569) exited]
[New Thread 0x7fffd8fde700 (LWP 4765)]
[Thread 0x7fffc7fff700 (LWP 4570) exited]
[Thread 0x7fffd8fde700 (LWP 4765) exited]
[Thread 0x7fff3c60e700 (LWP 4763) exited]
[Thread 0x7fff45ffb700 (LWP 4682) exited]
[Thread 0x7fff467fc700 (LWP 4681) exited]
[Thread 0x7fff46ffd700 (LWP 4680) exited]
[Thread 0x7fff477fe700 (LWP 4679) exited]
[Thread 0x7fff47fff700 (LWP 4678) exited]
[Thread 0x7fff50c6e700 (LWP 4677) exited]
[Thread 0x7fff5146f700 (LWP 4676) exited]
[Thread 0x7fff68a53700 (LWP 4675) exited]
[Thread 0x7fff6a7fa700 (LWP 4672) exited]
[Thread 0x7fff6affb700 (LWP 4671) exited]
[Thread 0x7fff6b7fc700 (LWP 4670) exited]
[Thread 0x7fff6bffd700 (LWP 4669) exited]
[Thread 0x7fff8ce40700 (LWP 4668) exited]
[Thread 0x7fff8d8c4700 (LWP 4588) exited]
[Thread 0x7fff8e7fc700 (LWP 4587) exited]
[Thread 0x7fff8effd700 (LWP 4586) exited]
[Thread 0x7fff8f7fe700 (LWP 4585) exited]
[Thread 0x7fff8ffff700 (LWP 4584) exited]
[Thread 0x7fffa4e9c700 (LWP 4583) exited]
[Thread 0x7fffa569d700 (LWP 4582) exited]
[Thread 0x7fffa5e9e700 (LWP 4581) exited]
[Thread 0x7fffa669f700 (LWP 4580) exited]
[Thread 0x7fffa6ea0700 (LWP 4579) exited]
[Thread 0x7fffc4ff9700 (LWP 4578) exited]
[Thread 0x7fffc57fa700 (LWP 4577) exited]
[Thread 0x7fffe0007700 (LWP 4576) exited]
[Thread 0x7fffc5ffb700 (LWP 4575) exited]
[Thread 0x7fffc67fc700 (LWP 4574) exited]
[Thread 0x7fffc6ffd700 (LWP 4573) exited]
[Thread 0x7fffc77fe700 (LWP 4572) exited]
[Thread 0x7fffda182700 (LWP 4568) exited]
[Thread 0x7fffda983700 (LWP 4567) exited]
[Thread 0x7fffdb184700 (LWP 4566) exited]
[Thread 0x7fffe1ff3700 (LWP 4565) exited]
[Thread 0x7fffe27f4700 (LWP 4560) exited]
[Thread 0x7fffe35b8a80 (LWP 4556) exited]

Program terminated with signal SIGKILL, Killed.
The program no longer exists.



When the page int.html is refresh twice the program gets kill.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot