New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 690126 link

Starred by 1 user
Status: Duplicate
Merged: issue 686424
Owner:
f...@opera.com
Closed: Feb 2017
Cc:
mummare...@chromium.org
alancutter@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug



Sign in to add a comment

Crash in blink::SVGElement::applyActiveWebAnimations

Project Member Reported by ClusterFuzz, Feb 8 2017

Comment 1 by mummare...@chromium.org, Feb 8 2017

Cc: mummare...@chromium.org alancutter@chromium.org
Components: Blink>SVG
Labels: Test-Predator-Wrong M-57
Owner: f...@opera.com
Status: Assigned (was: Untriaged)
Through code search on file SVGElement.cpp, suspected CL is 
https://chromium.googlesource.com/chromium/src/+/a486c29cc95da9fc1ef8fbbb7aff8332e75dd2a1
fs@o, could you please take a look?

Comment 2 by f...@opera.com, Feb 9 2017 

Probably another dupe of  issue 686915

Comment 3 by f...@opera.com, Feb 10 2017

Mergedinto: 686424
Status: Duplicate (was: Assigned)
Project Member

Comment 4 by ClusterFuzz, Mar 1 2017 

ClusterFuzz has detected this issue as fixed in range 450625:450690.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6658753723367424

Fuzzer: inferno_twister_custom_bundle
Job Type: linux_asan_content_shell_drt
Platform Id: linux

Crash Type: UNKNOWN WRITE
Crash Address: 0x000000000060
Crash State:
  blink::SVGElement::applyActiveWebAnimations
  blink::SVGAnimatedString::animVal
  blink::V8SVGAnimatedString::animValAttributeGetterCallback
  
Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_content_shell_drt&range=442831:443393
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_content_shell_drt&range=450625:450690

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95G3Z--zrtzsuf0EIcdFTo01vQu1dBAE8wP9JyT3kPQYKdOXzcyl1T8kz7zjdVX0sDiVsdm0Wwe54og1D8MC4RRThrJYnVs1s4m3xTejRl-LaXPmFjWWO9WBWGcZ8z4JWY2z0Hdo5Ecn1eG3myub8MeTtZKTA9-2tBUNJ88h6N6S3baZdXYbtcwc5tWA1PrVuJogtCVg25F5wKt1uU4WScKdsbbzoSI5AgUR104D3skRHw8SDbOfNyaV4fJiDWAhpvXjZOisvjydyodK-KI6aYlUVZ6ADak-5sVccGUvacSrBYqytD4WGlfeLO4FGScIAGRWphmVE607fNCQvAKw3KDWWtmDfrvE-JaHNVIfmb5J0g6wx08Gl9yTQEjbMl0ENd57-_wc3UUWz0VpG7wwCPZwB50Kg?testcase_id=6658753723367424


Additional requirements: Requires HTTP

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 5 by ClusterFuzz, Mar 1 2017 

ClusterFuzz has detected this issue as fixed in range 450625:450690.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6658753723367424

Fuzzer: inferno_twister_custom_bundle
Job Type: linux_asan_content_shell_drt
Platform Id: linux

Crash Type: UNKNOWN WRITE
Crash Address: 0x000000000060
Crash State:
  blink::SVGElement::applyActiveWebAnimations
  blink::SVGAnimatedString::animVal
  blink::V8SVGAnimatedString::animValAttributeGetterCallback
  
Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_content_shell_drt&range=442831:443393
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_content_shell_drt&range=450625:450690

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95G3Z--zrtzsuf0EIcdFTo01vQu1dBAE8wP9JyT3kPQYKdOXzcyl1T8kz7zjdVX0sDiVsdm0Wwe54og1D8MC4RRThrJYnVs1s4m3xTejRl-LaXPmFjWWO9WBWGcZ8z4JWY2z0Hdo5Ecn1eG3myub8MeTtZKTA9-2tBUNJ88h6N6S3baZdXYbtcwc5tWA1PrVuJogtCVg25F5wKt1uU4WScKdsbbzoSI5AgUR104D3skRHw8SDbOfNyaV4fJiDWAhpvXjZOisvjydyodK-KI6aYlUVZ6ADak-5sVccGUvacSrBYqytD4WGlfeLO4FGScIAGRWphmVE607fNCQvAKw3KDWWtmDfrvE-JaHNVIfmb5J0g6wx08Gl9yTQEjbMl0ENd57-_wc3UUWz0VpG7wwCPZwB50Kg?testcase_id=6658753723367424


Additional requirements: Requires HTTP

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 6 by ClusterFuzz, Mar 1 2017 

ClusterFuzz has detected this issue as fixed in range 450625:450690.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6658753723367424

Fuzzer: inferno_twister_custom_bundle
Job Type: linux_asan_content_shell_drt
Platform Id: linux

Crash Type: UNKNOWN WRITE
Crash Address: 0x000000000060
Crash State:
  blink::SVGElement::applyActiveWebAnimations
  blink::SVGAnimatedString::animVal
  blink::V8SVGAnimatedString::animValAttributeGetterCallback
  
Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_content_shell_drt&range=442831:443393
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_content_shell_drt&range=450625:450690

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95G3Z--zrtzsuf0EIcdFTo01vQu1dBAE8wP9JyT3kPQYKdOXzcyl1T8kz7zjdVX0sDiVsdm0Wwe54og1D8MC4RRThrJYnVs1s4m3xTejRl-LaXPmFjWWO9WBWGcZ8z4JWY2z0Hdo5Ecn1eG3myub8MeTtZKTA9-2tBUNJ88h6N6S3baZdXYbtcwc5tWA1PrVuJogtCVg25F5wKt1uU4WScKdsbbzoSI5AgUR104D3skRHw8SDbOfNyaV4fJiDWAhpvXjZOisvjydyodK-KI6aYlUVZ6ADak-5sVccGUvacSrBYqytD4WGlfeLO4FGScIAGRWphmVE607fNCQvAKw3KDWWtmDfrvE-JaHNVIfmb5J0g6wx08Gl9yTQEjbMl0ENd57-_wc3UUWz0VpG7wwCPZwB50Kg?testcase_id=6658753723367424


Additional requirements: Requires HTTP

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 7 by ClusterFuzz, Mar 1 2017 

ClusterFuzz has detected this issue as fixed in range 450625:450690.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6658753723367424

Fuzzer: inferno_twister_custom_bundle
Job Type: linux_asan_content_shell_drt
Platform Id: linux

Crash Type: UNKNOWN WRITE
Crash Address: 0x000000000060
Crash State:
  blink::SVGElement::applyActiveWebAnimations
  blink::SVGAnimatedString::animVal
  blink::V8SVGAnimatedString::animValAttributeGetterCallback
  
Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_content_shell_drt&range=442831:443393
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_content_shell_drt&range=450625:450690

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95G3Z--zrtzsuf0EIcdFTo01vQu1dBAE8wP9JyT3kPQYKdOXzcyl1T8kz7zjdVX0sDiVsdm0Wwe54og1D8MC4RRThrJYnVs1s4m3xTejRl-LaXPmFjWWO9WBWGcZ8z4JWY2z0Hdo5Ecn1eG3myub8MeTtZKTA9-2tBUNJ88h6N6S3baZdXYbtcwc5tWA1PrVuJogtCVg25F5wKt1uU4WScKdsbbzoSI5AgUR104D3skRHw8SDbOfNyaV4fJiDWAhpvXjZOisvjydyodK-KI6aYlUVZ6ADak-5sVccGUvacSrBYqytD4WGlfeLO4FGScIAGRWphmVE607fNCQvAKw3KDWWtmDfrvE-JaHNVIfmb5J0g6wx08Gl9yTQEjbMl0ENd57-_wc3UUWz0VpG7wwCPZwB50Kg?testcase_id=6658753723367424


Additional requirements: Requires HTTP

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Sign in to add a comment