Issue 686030 link

Starred by 1 user

Issue metadata

Status:	Verified
Owner:	----
Closed:	Mar 2017
Components:	Blink>Layout
EstimatedDays:	----
NextAction:	----
OS:	Linux
Pri:	2
Type:	Bug
Stability-Crash Reproducible Stability-Memory-AddressSanitizer Clusterfuzz ClusterFuzz-Verified

Crash in blink::FirstLetterPseudoElement::attachFirstLetterTextLayoutObjects

Project Member Reported by ClusterFuzz, Jan 27 2017

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5925118099587072

Fuzzer: inferno_twister
Job Type: linux_asan_chrome_chromeos
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  blink::FirstLetterPseudoElement::attachFirstLetterTextLayoutObjects
  blink::Node::reattachLayoutTree
  blink::Element::updateFirstLetter
  
Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_chromeos&range=304984:305084

Minimized Testcase (0.81 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95rFXjCufw9yGoY5zlRwz_0JwCqpL1W2AsUOQZ1msf4ox9i-cmBJ0iIrd7febUwFFjSWu2KKV6RSsDsRZVLh9lLNLylJUqnQAIPv7mn856xeciwBD39lO7CD9TpHGs1fT8bVQKTh_GL1hPOJjkvS7BFuxUITq1hbfug46QkYnCzHxGX7rF7ZpIRrTMl2wYMmtM5mUH2fBmtLff9xUTJ8d5fvAgbCXoNBBfRFCuNatQeW_AM3mu7OXmSUno_UKOmpJclvBsyLBNTDbe1XmoKsjSrCTOzdZZlW0geZOhJWMQa-ctNHRzxRn0K7pK6H3wVqPvvGClXal69Pn46aXGSoPD9m5MnjStDRkz2LNGc63DCRc7BJ-Q?testcase_id=5925118099587072

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by dtapu...@chromium.org, Jan 27 2017

Components: Blink>Layout

Comment 2 by e...@chromium.org, Jan 30 2017

Labels: -Pri-1 Pri-2
Status: Available (was: Untriaged)

Project Member

Comment 3 by ClusterFuzz, Mar 9 2017

ClusterFuzz has detected this issue as fixed in range 455091:455389.

Detailed report: https://clusterfuzz.com/testcase?key=5925118099587072

Fuzzer: inferno_twister
Job Type: linux_asan_chrome_chromeos
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  blink::FirstLetterPseudoElement::attachFirstLetterTextLayoutObjects
  blink::Node::reattachLayoutTree
  blink::Element::updateFirstLetter
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_chromeos&range=304984:305084
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_chromeos&range=455091:455389

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv95rFXjCufw9yGoY5zlRwz_0JwCqpL1W2AsUOQZ1msf4ox9i-cmBJ0iIrd7febUwFFjSWu2KKV6RSsDsRZVLh9lLNLylJUqnQAIPv7mn856xeciwBD39lO7CD9TpHGs1fT8bVQKTh_GL1hPOJjkvS7BFuxUITq1hbfug46QkYnCzHxGX7rF7ZpIRrTMl2wYMmtM5mUH2fBmtLff9xUTJ8d5fvAgbCXoNBBfRFCuNatQeW_AM3mu7OXmSUno_UKOmpJclvBsyLBNTDbe1XmoKsjSrCTOzdZZlW0geZOhJWMQa-ctNHRzxRn0K7pK6H3wVqPvvGClXal69Pn46aXGSoPD9m5MnjStDRkz2LNGc63DCRc7BJ-Q?testcase_id=5925118099587072


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Project Member

Comment 4 by ClusterFuzz, Mar 9 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Available)

ClusterFuzz testcase 5925118099587072 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

►

Issue 686030 link

Issue metadata

Crash in blink::FirstLetterPseudoElement::attachFirstLetterTextLayoutObjects

Issue description

Comment 1 by dtapu...@chromium.org, Jan 27 2017

Comment 1 Deleted

Comment 2 by e...@chromium.org, Jan 30 2017

Comment 2 Deleted

Comment 3 by ClusterFuzz, Mar 9 2017

Comment 3 Deleted

Comment 4 by ClusterFuzz, Mar 9 2017

Comment 4 Deleted

Sign in to add a comment