New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 686007 link

Starred by 1 user

Issue metadata

Status: Verified
Owner:
Not working on Chrome any more
Closed: Feb 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug



Sign in to add a comment

i < size() in Vector.h

Project Member Reported by ClusterFuzz, Jan 27 2017

Issue description

Comment 1 by tkent@chromium.org, Jan 27 2017

Components: Blink>CSS
Labels: Test-Predator-Wrong M-58
Owner: meade@chromium.org
Status: Assigned (was: Untriaged)
Even this issue looks similar to  issue 681356 .
meade@:Could you please take a look into this if its related to your change.
Assigned referring to the  issue 681356 .Feel free to dupe it if its the same.
Currently its impacting to the head.
Project Member

Comment 3 by ClusterFuzz, Feb 1 2017

ClusterFuzz has detected this issue as fixed in range 447209:447221.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5856840278867968

Fuzzer: lcamtuf_cross_fuzz
Job Type: linux_cfi_chrome
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  i < size() in Vector.h
  blink::CSSValueList::item
  blink::TransformBuilder::createTransformOperations
  
Sanitizer: cfi (CFI)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_cfi_chrome&range=445271:445954
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_cfi_chrome&range=447209:447221

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv96yyJOFlD5_5SKlB7usI3kNcsZCfzSiLv3fD-K0mYgpP7ARtMBl9Uc2Ax7BS3Io8SQZVqOHP2Vw6LU5gEsSeEg8ooInLXvWqoexkYyUVmQUwZ339fweMTqCJX3nR6FvbhdxcMlpeDNZ-3AGW977Q7gAcIhtNpqeB__eqS-vINtoR_XRHXsyoqlS4BX90Ifb2L_qgTMqALP3sjxTW9xVsnsvwIZeXNpel8xHdboSEN2b7XKam7bQMXN2P3cg6NzzH_CIjgB79MhjTQ8jjW-Pp0FLz1u9GTXyqdJOmaUyuztYbtlRL6El949SO7UxJEiGVW9ptTYDiBFAQMqljKuVFXO0lIXtHASW1valU176QlIWRI9rBZw?testcase_id=5856840278867968


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 4 by ClusterFuzz, Feb 1 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 5856840278867968 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Sign in to add a comment