!extraRowSpanningHeight in LayoutTableSection.cpp |
|||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=5233702935461888 Fuzzer: marty_html_twiddler Job Type: linux_debug_chrome Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: !extraRowSpanningHeight in LayoutTableSection.cpp blink::LayoutTableSection::distributeRowSpanHeightToRows blink::LayoutTableSection::calcRowLogicalHeight Sanitizer: address (ASAN) Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_chrome&range=443258:443393 Minimized Testcase (0.69 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv96iI-zCwygcpAuCpaCDprcu7oHcz_hzrOqFXnloTt7-d_2wQJ_Rot17p7SFdIzcwQL34U5-k_qyrrJY0PCmgCwNTv3zfQdPnUhROFNMZZRKGsSprT1gCz2KLe8FNOZljXZ5PgK8LRDZtnr9occmsqBmn4zpyCtNSFI75LxG2w5zrNvYqlmD3FTkLqRY2TdQQ2B0zw9bo2wJMaqnx9CULjy0bZNJ6pk-5VkEr8x3PuAGO4EegNIvDRUfrpxSTrH4jaj95NMD9-8IBcbXJU9w_mkVhyhsvT6yJhmSQRj5ZmKR2Ra0tRH5ai1JILM5SPS2EPh5FiWmhnMoObaqoZeHcIGG5KKKFm0uMzZ8DVj95j1MJ9w6Eq8?testcase_id=5233702935461888 <style> .c1 { visibility: collapse; padding-bottom: 100%; -webkit-column-count: 65536; } .c5[class^="c5"] { visibility: inherit; height: -webkit-calc(56% - 37px);</style> <script> var nodes = Array(); nodes[6] = document.createElement('tr'); nodes[6].setAttribute('class', 'c5'); nodes[59] = document.createElement('aside'); document.documentElement.appendChild(nodes[59]); nodes[64] = document.createElement('optgroup'); nodes[95] = document.createElement('th'); nodes[95].setAttribute('rowspan', '3'); nodes[95].setAttribute('class', 'c1'); nodes[59].appendChild(nodes[95]); setTimeout('try { nodes[6].appendChild(nodes[64]); } catch(e) {}'); nodes[59].appendChild(nodes[6]); </script> Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Jan 30 2017
,
Jan 30 2017
,
Feb 16 2017
,
Mar 9 2017
ClusterFuzz has detected this issue as fixed in range 455565:455674. Detailed report: https://clusterfuzz.com/testcase?key=5233702935461888 Fuzzer: marty_html_twiddler Job Type: linux_debug_chrome Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: !extraRowSpanningHeight in LayoutTableSection.cpp blink::LayoutTableSection::distributeRowSpanHeightToRows blink::LayoutTableSection::calcRowLogicalHeight Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=linux_debug_chrome&range=443258:443393 Fixed: https://clusterfuzz.com/revisions?job=linux_debug_chrome&range=455565:455674 Reproducer Testcase: https://clusterfuzz.com/download/AMIfv96iI-zCwygcpAuCpaCDprcu7oHcz_hzrOqFXnloTt7-d_2wQJ_Rot17p7SFdIzcwQL34U5-k_qyrrJY0PCmgCwNTv3zfQdPnUhROFNMZZRKGsSprT1gCz2KLe8FNOZljXZ5PgK8LRDZtnr9occmsqBmn4zpyCtNSFI75LxG2w5zrNvYqlmD3FTkLqRY2TdQQ2B0zw9bo2wJMaqnx9CULjy0bZNJ6pk-5VkEr8x3PuAGO4EegNIvDRUfrpxSTrH4jaj95NMD9-8IBcbXJU9w_mkVhyhsvT6yJhmSQRj5ZmKR2Ra0tRH5ai1JILM5SPS2EPh5FiWmhnMoObaqoZeHcIGG5KKKFm0uMzZ8DVj95j1MJ9w6Eq8?testcase_id=5233702935461888 See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Mar 9 2017
ClusterFuzz testcase 5233702935461888 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue. |
|||||
►
Sign in to add a comment |
|||||
Comment 1 by nyerramilli@chromium.org
, Jan 30 2017Labels: Test-Predator-Wrong-CLs M-58
Owner: cbiesin...@chromium.org
Status: Assigned (was: Untriaged)