Issue 691411

Starred by 2 users

Issue metadata

Status: Duplicate
Merged: issue 691338
Owner:
NOT IN USE
Closed: Feb 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug



layoutObject->flowThreadContainingBlock() == this in LayoutMultiColumnFlowThread

Project Member Reported by ClusterFuzz, Feb 13 2017

Issue description

Cc: dsinclair@chromium.org nyerramilli@chromium.org
Components: Blink>Layout
Labels: Test-Predator-Wrong-CLs M-58
Owner: cbiesin...@chromium.org
Status: Assigned (was: Untriaged)
Findit did not find any culprit results.

assigning to /src/third_party/WebKit/Source/core/layout/OWNERS, request to check the issue and help.
Cc: cbiesin...@chromium.org
Components: -Blink>Layout Blink>Layout>MultiCol
Owner: msten...@opera.com
To Morten as this is a multicol issue.

Comment 3 by msten...@opera.com, Feb 13 2017

Mergedinto: 691338
Status: Duplicate (was: Assigned)
Project Member

Comment 4 by ClusterFuzz, Feb 14 2017

ClusterFuzz has detected this issue as fixed in range 449941:449952.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6516317843881984

Fuzzer: inferno_twister
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  layoutObject->flowThreadContainingBlock() == this in LayoutMultiColumnFlowThread
  blink::LayoutMultiColumnFlowThread::mapDescendantToColumnSet
  blink::LayoutMultiColumnFlowThread::flowThreadDescendantWasInserted
  
Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=449612:449627
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=449941:449952

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv96RX0dUHRX1_DUdF43YKdPsbXYn9mo0odt_ZGACvIaJYeUt35TbFG1tMiio9pFj-qCJzTrzQcAfyNPeMCIpc2kuzlycOwXySGcj90XWZyyCcgBTHPHPQdUTwK16TsEwpop3-3kcmJ3bPa3YHoE56vAolsGWp4GmMLYp0f4VAU-nhqq2U2JYb-dAO1bRuuryIZWgnOEVhnaduVMvSCK4w8bdvBGksLcEH-gTqU2CleVDlEBxFcOEkVB3BN1OBiLMSAxGthffOZcR8o4twIUjF9b1PSMdDEfFI0nIt19GXUzVwq6EP0z2uKyu4TR_7bMmd25ZmIWPkNhnRc9KLQY7esBhxOMHkL7T04SYx6wo6EU58DjFAmKC7CUmFN3C4LHdfrUvM1uDQrLNM4QIXXBLoXvK3cHzvw?testcase_id=6516317843881984


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
