
Issue 691171

Starred by 1 user

Issue metadata

Status: Verified
Owner: ----
Closed: Feb 2017
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug




Crash in blink::LayoutMultiColumnSet::newFragmentainerGroupsAllowed

Project Member Reported by ClusterFuzz, Feb 11 2017

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6195476203569152

Fuzzer: inferno_twister
Job Type: linux_asan_chrome_v8_arm
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000ac
Crash State:
  blink::LayoutMultiColumnSet::newFragmentainerGroupsAllowed
  blink::LayoutMultiColumnFlowThread::appendNewFragmentainerGroupIfNeeded
  blink::LayoutMultiColumnFlowThread::contentWasLaidOut
  
Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_v8_arm&range=449604:449634

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97_dNQEfaw9XhjN37UezFveXO22qwa_RF20NaT4Gg0y9ZRQ_U17wXlz57O4NB5BhFwBmcbDlsO9yfYE0fdRkOJngZi79UyzEQBOtWKYWUmkDOzfSy97q3Tr7pyzTGktCQnK--wXpwOwVu0xBuE3NphhNw5arZ0R_7TQZTNxsqJdDY0zhzDYUl0y6jZ__pBkvAr5XXIPiC_pdL7Grn3HbkxWhH0_8ZaWeXc9XVeh0oT84zaYi-dp0QXs93LWAYLYZr93rnxq_HdtnLv3S7lSJwbyp7O2s3VXfUSr1TwCD_xWcxDlJ6Ez8j4pmiuWSaGboxGkr2ieAE3Lpkp_7HdDkkivGcD5IOue6ZfRRbcWIVohHZ_4ntvU8NCijh05KCkUdqWMyAEchWY5_4DDIWOgW0KSSu3aug?testcase_id=6195476203569152


Additional requirements: Requires HTTP

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Project Member

Comment 1 by ClusterFuzz, Feb 12 2017

ClusterFuzz has detected this issue as fixed in range 449876:449877.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6195476203569152

Fuzzer: inferno_twister
Job Type: linux_asan_chrome_v8_arm
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000ac
Crash State:
  blink::LayoutMultiColumnSet::newFragmentainerGroupsAllowed
  blink::LayoutMultiColumnFlowThread::appendNewFragmentainerGroupIfNeeded
  blink::LayoutMultiColumnFlowThread::contentWasLaidOut
  
Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_v8_arm&range=449604:449634
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_v8_arm&range=449876:449877

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97_dNQEfaw9XhjN37UezFveXO22qwa_RF20NaT4Gg0y9ZRQ_U17wXlz57O4NB5BhFwBmcbDlsO9yfYE0fdRkOJngZi79UyzEQBOtWKYWUmkDOzfSy97q3Tr7pyzTGktCQnK--wXpwOwVu0xBuE3NphhNw5arZ0R_7TQZTNxsqJdDY0zhzDYUl0y6jZ__pBkvAr5XXIPiC_pdL7Grn3HbkxWhH0_8ZaWeXc9XVeh0oT84zaYi-dp0QXs93LWAYLYZr93rnxq_HdtnLv3S7lSJwbyp7O2s3VXfUSr1TwCD_xWcxDlJ6Ez8j4pmiuWSaGboxGkr2ieAE3Lpkp_7HdDkkivGcD5IOue6ZfRRbcWIVohHZ_4ntvU8NCijh05KCkUdqWMyAEchWY5_4DDIWOgW0KSSu3aug?testcase_id=6195476203569152


Additional requirements: Requires HTTP

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 2 by ClusterFuzz, Feb 12 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Untriaged)
ClusterFuzz testcase 6195476203569152 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
