Crash in blink::HTMLElement::attributeChanged
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6063542592864256

Fuzzer: inferno_twister
Job Type: windows_syzyasan_chrome
Platform Id: windows
Crash Type: UNKNOWN
Crash Address: 0x000000cf
Crash State:
  blink::HTMLElement::attributeChanged
  blink::Element::didModifyAttribute
  blink::Element::setAttribute

Memory Tool: SYZYASAN
Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_syzyasan_chrome&range=447955:447965

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94gbAv6E-9g7a9jqtsirPaPObTU8WPkr4kBiPNb_lIW-m8BLJIgH0yH-LMsCXNAICEpSSjS9LmZC84FCQiIpA8JHmMUeCuiK259Q2EAaKWP4zGyRECs45Bv4Ad1-TMw8WU4bEJ8yWykfMh5RXhnyXCJYG7P3roaueAMMAjchJIWMzWGwwfFpC8th1Pqf2i0-e_UUc75XaDy6vMtO64AZVH0q6GV6pbwPaAqBQjHVyKa1mLvtjZdsGqRF1eAa2dJr_9QgbVfHGtjaxUbL34PqDudGJqkbHZPxSb_e9d6BpEZYV8l0iMZeb8_mdRHM1inhgGDZ4G9OzADlIal87Lpzjd9rQMGtiOyNqhVPTL4vc772-niKO08-kasiMgi_lsgf_qV1m9_gxFrnVQ9olxfXS77DKhA-Q?testcase_id=6063542592864256

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Feb 4 2017
Through code search on the file HTMLElement.cpp, the suspected CL is https://chromium.googlesource.com/chromium/src/+/5621cb109071401fc3cc9fc93e70955df0b7ae12. rego@, could you please take a look? Thank you.
Feb 6 2017
Notice contenteditable=plaintext-only in there, so this may be editing-related. Yosin, does this remind you of anything?
Feb 6 2017
xiaochengh@, could you put this issue in the --webkit-user-modify deprecation plan, as "plaintext-only" causes issues?
Feb 6 2017
Updated the deprecation plan accordingly.
Feb 6 2017
This is another duplicate of bug #687984.
Comment 1 by dtapu...@chromium.org, Feb 3 2017