Issue 690999 link

Starred by 1 user

Issue metadata

Status:	WontFix
Owner:	e...@chromium.org
Closed:	Feb 2017
Cc:	kcc@chromium.org █ tanin@chromium.org mmoroz@chromium.org jbroman@chromium.org █ mummare...@chromium.org █ msrchandra@chromium.org mbarbe...@chromium.org infe...@chromium.org och...@chromium.org █ aizatsky@chromium.org
Components:	Blink>Layout
EstimatedDays:	----
NextAction:	----
OS:	Mac
Pri:	1
Type:	Bug
Stability-Crash Reproducible Stability-Libfuzzer Clusterfuzz M-58 Test-Predator-Wrong

Timeout in renderer_tree_fuzzer

Project Member Reported by ClusterFuzz, Feb 10 2017

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5742321451925504

Fuzzer: libfuzzer_renderer_tree_fuzzer
Job Type: mac_libfuzzer_chrome_asan
Platform Id: mac

Crash Type: Timeout (exceeds 25 secs)
Crash Address: 
Crash State:
  renderer_tree_fuzzer
  
Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=mac_libfuzzer_chrome_asan&range=423431:423445

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97QobJTDPY8jmdmG2fszGp68FZkseisbomSCErDwMzCNk_Puh2qokfxnPxxZ3nyKc0_T9P_ciypEMakYjTT3Sa0Y8WKc5dDKgs2a0yOe2jSV-ltv4WoXVG5uByG9LMVvjnT_Ha0O9VErpwQN2MjyeWGavyrMUgegLITdtB_g7N7FO3X_wOb1gQmXLSGhmSopznnpdlbxJvIBEfRuM8jhi2Zg8Yke0PUYUjq1jmz8cLmciPAhUwfEK4RAY7vt5xv2k7jDF_qTeH0koFW-hMjBUyZg75C9-oyetiZRBnUZvzHKTloqSeEtdHrzSkUTpwxUn3AsuXOgsj_MFSZf13ltQXl64giLJtvtwWmDskced4tCZKSkDioJohtKpuk0LCHf-k4UESMlQLjTjoW-V5RbQYRh_hZHw?testcase_id=5742321451925504


Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

Comment 1 by mummare...@chromium.org, Feb 10 2017

Cc: npm@chromium.org mummare...@chromium.org kcc@chromium.org dsinclair@chromium.org
Components: Internals>Plugins>PDF
Labels: Test-Predator-Wrong M-58

Could some one please look into this issue?
Thank you

Comment 2 by erikc...@chromium.org, Feb 14 2017

Components: -Internals>Plugins>PDF Blink

Comment 3 by rtoy@chromium.org, Feb 14 2017

Components: -Blink Blink>Layout

Comment 4 by mummare...@chromium.org, Feb 14 2017

Cc: -npm@chromium.org -dsinclair@chromium.org och...@chromium.org tanin@chromium.org msrchandra@chromium.org mmoroz@chromium.org mbarbe...@chromium.org jbroman@chromium.org ahaas@chromium.org infe...@chromium.org aizatsky@chromium.org

CC-ing some more people, please take a look?
Thank you.

Comment 5 by mmoroz@chromium.org, Feb 15 2017

Cc: -ahaas@chromium.org
Owner: e...@chromium.org

As it is Blink>Layout, passing over to eae@ for triage.

Comment 6 by e...@chromium.org, Feb 15 2017

Status: WontFix (was: Untriaged)

Shaping long uninterrupted strings is the worst case for our current implementation. Takes ~100ms without the fuzzer overhead.

►

Issue 690999 link

Issue metadata

Timeout in renderer_tree_fuzzer

Issue description

Comment 1 by mummare...@chromium.org, Feb 10 2017

Comment 1 Deleted

Comment 2 by erikc...@chromium.org, Feb 14 2017

Comment 2 Deleted

Comment 3 by rtoy@chromium.org, Feb 14 2017

Comment 3 Deleted

Comment 4 by mummare...@chromium.org, Feb 14 2017

Comment 4 Deleted

Comment 5 by mmoroz@chromium.org, Feb 15 2017

Comment 5 Deleted

Comment 6 by e...@chromium.org, Feb 15 2017

Comment 6 Deleted

Sign in to add a comment