Issue metadata
Wild-access in blink::visualRectForDisplayItem
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6518316647841792

Fuzzer: marty_html_twiddler
Job Type: windows_syzyasan_chrome
Platform Id: windows

Crash Type: Wild-access READ 4
Crash Address: 0x1881ec36
Crash State:
  blink::visualRectForDisplayItem
  blink::PaintController::commitNewDisplayItems
  blink::GraphicsLayer::paint

Memory Tool: SYZYASAN

Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_syzyasan_chrome&range=446719:446721

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv9765qGDdn9w9FP7PdQH4WmD7Fn_pxMqhIAk7pgzvK1S2GBteLN30Izg69qemyENKenz0EnEKsC0IuW-F0QZHcpsN2dnndiIQPf6GwfBBS_RDiSu1vb34vk0U0xErhBXHiFYN3weNwywYJHdzxLh00jQapwhn7i9kES4mYHSLwawNRvsP8Q2Ou0Zy7zPNFLy0Snk5oH1mdZTpOb0ssVLzyMuEP94Zcvyjx4GoTZ4VGjSnACeYj8ExWLVBYw0xEQZCxlwdFpYbg8_-v_w7jJ5TxgTO4-CZeDk6imaAsEFC_svdC1FCkxRoyhl1xqioxoJW9DW3IFcpjCZjr0rzMnxkhC1gFg1qPPRQ9HCRKHXWARNL-icZAU?testcase_id=6518316647841792

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Comment 1 by sheriffbot@chromium.org, Feb 12 2017
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Feb 12 2017

Feb 12 2017
wangxianzhu@, could you take a look to see if this issue is related to your cl https://codereview.chromium.org/2657743004? Please feel free to reassign owner. Thanks!
Feb 15 2017
+mstensho chrishtr for bug 692693, though the root cause of this bug might be unrelated to bug 692693.
Feb 15 2017
This is not reproducible on ToT, but reproducible on the latest dev build. Bisected to https://chromium.googlesource.com/chromium/src/+log/598043a9d645cec72159c5dac7f0b21ac29ca470..bbea7637c1d6adafff338cd00b0de80d7a97cf69. I think https://chromium.googlesource.com/chromium/src/+/bfa6918b9aaf67f812459e5757e46485ff8ae1d4 fixed this.
Feb 16 2017

Feb 16 2017
Borrowing bug to get access to the fuzzer report.
Feb 16 2017

Mar 13 2017

May 25 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Feb 21 2018