Crash in blink::SVGElement::applyActiveWebAnimations
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6735272357396480

Fuzzer: inferno_twister
Job Type: windows_syzyasan_content_shell
Platform Id: windows

Crash Type: UNKNOWN
Crash Address: 0x0000003c
Crash State:
  blink::SVGElement::applyActiveWebAnimations
  blink::SVGAnimatedProperty<blink::SVGNumber,blink::SVGNumberTearOff,float>::anim
  v8::internal::Invoke

Memory Tool: SYZYASAN
Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_syzyasan_content_shell&range=446719:446721
Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97YZjPCy5-LIc30eNJr5988PgXyXYRQZUyeWaGs3cREeMCtd45MFNvvqEqqMARXR70H17hzrn189_bNqt4EJM-h-NGUTROTSUis_SBFgdHQqN_JmFX4TZp5lfjDAXu0BApuud3gqKkL_dwrTeUZMwOwgBhwtUKso842tw6D_HjyYzxaNFB4UE4sg8bJAUTCeR6EYnTRg8s18vDsqt-AqT_ksM3GVdBv_SCNOfITCo4dvDrU00hOJKAmpNu60UKFrByU0DT6tLLfzj37eE7nPzDeovxpKheLmGp_LNN5XVYzKf3vFQyGBEJiqm9xGcetb6l7SyCeWRLMpRxNFO6NJBTFLkKyIzIsfU7M7xSZvxKaW1YYQnU?testcase_id=6735272357396480

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Comment 1 by dtapu...@chromium.org, Jan 30 2017
Different crash stack and test report, but same position as crbug.com/686424. Asking for a redo on the regression range, as neither of the commits seems plausible.
Jan 31 2017

Feb 1 2017
Assigning to the concern owner who worked on the files "svganimatedproperty.h" and "svgelement.cpp". @fs -- Could you please look into the issue, and kindly re-assign if this is not related to your changes. Thank you.
Feb 1 2017
Looking at the code involved it looks as if we have elementAnimations() but no SVGElementRareData.
Feb 10 2017

Apr 16 2017
ClusterFuzz has detected this issue as fixed in range 450686:450691.

Detailed report: https://clusterfuzz.com/testcase?key=6735272357396480

Fuzzer: inferno_twister
Job Type: windows_syzyasan_content_shell
Platform Id: windows

Crash Type: UNKNOWN
Crash Address: 0x0000003c
Crash State:
  blink::SVGElement::applyActiveWebAnimations
  blink::SVGAnimatedProperty<blink::SVGNumber,blink::SVGNumberTearOff,float>::anim
  v8::internal::Invoke

Memory Tool: SYZYASAN
Regressed: https://clusterfuzz.com/revisions?job=windows_syzyasan_content_shell&range=446719:446721
Fixed: https://clusterfuzz.com/revisions?job=windows_syzyasan_content_shell&range=450686:450691
Reproducer Testcase: https://clusterfuzz.com/download/AMIfv97YZjPCy5-LIc30eNJr5988PgXyXYRQZUyeWaGs3cREeMCtd45MFNvvqEqqMARXR70H17hzrn189_bNqt4EJM-h-NGUTROTSUis_SBFgdHQqN_JmFX4TZp5lfjDAXu0BApuud3gqKkL_dwrTeUZMwOwgBhwtUKso842tw6D_HjyYzxaNFB4UE4sg8bJAUTCeR6EYnTRg8s18vDsqt-AqT_ksM3GVdBv_SCNOfITCo4dvDrU00hOJKAmpNu60UKFrByU0DT6tLLfzj37eE7nPzDeovxpKheLmGp_LNN5XVYzKf3vFQyGBEJiqm9xGcetb6l7SyCeWRLMpRxNFO6NJBTFLkKyIzIsfU7M7xSZvxKaW1YYQnU?testcase_id=6735272357396480

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.