Issue 677593

Issue metadata

Status: Duplicate
Merged: issue 697392
Owner: ----
Closed: Mar 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 1
Type: Bug
Crash in blink::Node::containsIncludingHostElements

Project Member Reported by ClusterFuzz, Dec 30 2016

Issue description

Cc: brajkumar@chromium.org
Components: Blink>HTML>Frame
Labels: Test-Predator-Wrong
Owner: yosin@chromium.org
Status: Assigned (was: Untriaged)
Findit and CL did not provide any possible suspect.
Using code search for file "frameselection.cpp" from line #41, suspecting the change below:
Review URL: https://codereview.chromium.org/2221783003

yosin@ - Could you please check if this is caused by your change; if not, please help us reassign the issue to the right owner.

Thanks!

Comment 2 by yosin@chromium.org, Mar 6 2017

Status: Available (was: Assigned)

Comment 3 by yosin@chromium.org, Mar 6 2017

Owner: ----
Mergedinto: 697392
Status: Duplicate (was: Available)

Comment 5 by ClusterFuzz (Project Member), Apr 17 2017

ClusterFuzz has detected this issue as fixed in range 453791:453840.

Detailed report: https://clusterfuzz.com/testcase?key=4944437076819968

Fuzzer: inferno_layout_test_unmodified
Job Type: windows_syzyasan_chrome
Platform Id: windows

Crash Type: UNKNOWN
Crash Address: 0x0000000b
Crash State:
  blink::Node::containsIncludingHostElements
  blink::computePositionForChildrenRemoval
  blink::FrameSelection::nodeChildrenWillBeRemoved
Memory Tool: SYZYASAN

Regressed: https://clusterfuzz.com/revisions?job=windows_syzyasan_chrome&range=440957:440968
Fixed: https://clusterfuzz.com/revisions?job=windows_syzyasan_chrome&range=453791:453840

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv94NGIuC1ALUAernyE2KQy0Q9YUapr4VXYffNEb9GViUaEhfCzwvvO7urY147KlB5YahopVflJvUmk2mYG57IRshHwi6eShdER5fe2i98oKa4EQyoAjzu7rv-E283vDtKI9CuxVwq5ibcin2k_kgqQLnMkmy8BrovL2YVbqqOmB3ZKEtovWlAuY4OMVhJZvuAHOgXqX2PG-Ye_-KdqpwBp_WbfVLpIV4_yj5LmXhRMtbNfyNjwaT7QOwXAjNlUu-sWZUgXz_ERhi_YkaZe1PQ46LQWQRWqxedMFdqWn40tVqBXxKHGVhZLHjKxyNd1-ZBsY_BS2ryDo4eKok7Xt3qnBMsqZHvmMM89mq7DKESOxw5z4aIEQ?testcase_id=4944437076819968
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.