Crash in blink::MemberBase<blink::SpellChecker, |
|||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=5243679574065152 Fuzzer: inferno_twister Job Type: linux_debug_content_shell_drt Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x000000000210 Crash State: blink::MemberBase<blink::SpellChecker, blink::LocalFrame::spellChecker blink::HTMLElement::attributeChanged Sanitizer: address (ASAN) Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=447726:447727 Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv96-RSe7qpeWKvRfLJjLOjzSa8Zo4qgRG5LDisx60NtseASEsN3JCqaQUBABhAgkauV-dnpo1zmKAl6ZrQr_Xs_QMq6ZgZEF_kgw_4wh1TN_dq2x16QRkqDZJpQTtj7qY5Y-VEfDOwgdD6yDqQFE9Tg3rkgFwyKeWVbbUsEUoS1uBFex9gvqZ5ROdadrcJy8RyfDv8G7oQIswvyZ39Es7VzM9SCwoI2OF9QroB605uLriQsmLpHqW5-5xy9YW_hyjOG6mt-vXeNUiE1dm5A6tGxG5HtraDFZpH0me6zY-YGpWJolII1GdNL-J_hHFATtNoGmP7B9pfeHf1S8yB4LCLOVSQ3AaROZPo2X_mvwVc5lwc1e7VVogwdT1GdmjPKASFZhKS_JKeLrqy5kQ2nDRJYcLQTppQ?testcase_id=5243679574065152 Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Feb 3 2017
Assigning to the concern owner from Predator results -- The result is a list of CLs that change the crashed files. Author: rego Project: chromium Changelist: https://chromium.googlesource.com/chromium/src/+/03bd67fe0ded2c7031eb1c3efb39150056737492 Time: Thu Feb 02 08:40:23 2017 Lines 440-441 of file HTMLElement.cpp which potentially caused crash are changed in this cl (frame #2, "blink::HTMLElement::attributeChanged"). Minimum distance from crash line to modified line: 0. (file: HTMLElement.cpp, crashed on: 440, modified: 440). @rego -- Could you please look into the issue, kindly re-assign if this is not related to your changes. Thank You.
,
Feb 3 2017
,
Feb 4 2017
ClusterFuzz has detected this issue as fixed in range 447975:447979. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5243679574065152 Fuzzer: inferno_twister Job Type: linux_debug_content_shell_drt Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x000000000210 Crash State: blink::MemberBase<blink::SpellChecker, blink::LocalFrame::spellChecker blink::HTMLElement::attributeChanged Sanitizer: address (ASAN) Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=447726:447727 Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=447975:447979 Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv96-RSe7qpeWKvRfLJjLOjzSa8Zo4qgRG5LDisx60NtseASEsN3JCqaQUBABhAgkauV-dnpo1zmKAl6ZrQr_Xs_QMq6ZgZEF_kgw_4wh1TN_dq2x16QRkqDZJpQTtj7qY5Y-VEfDOwgdD6yDqQFE9Tg3rkgFwyKeWVbbUsEUoS1uBFex9gvqZ5ROdadrcJy8RyfDv8G7oQIswvyZ39Es7VzM9SCwoI2OF9QroB605uLriQsmLpHqW5-5xy9YW_hyjOG6mt-vXeNUiE1dm5A6tGxG5HtraDFZpH0me6zY-YGpWJolII1GdNL-J_hHFATtNoGmP7B9pfeHf1S8yB4LCLOVSQ3AaROZPo2X_mvwVc5lwc1e7VVogwdT1GdmjPKASFZhKS_JKeLrqy5kQ2nDRJYcLQTppQ?testcase_id=5243679574065152 See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page. |
|||
►
Sign in to add a comment |
|||
Comment 1 by tkent@chromium.org
, Feb 3 2017