Issue 693828 link

Starred by 2 users

Issue metadata

Status:	Duplicate
Owner:	----
Closed:	Feb 2017
Cc:	tkent@chromium.org ifratric@google.com editing-dev@chromium.org
Components:	Blink>Editing
EstimatedDays:	----
NextAction:	----
OS:	Linux
Pri:	1
Type:	Bug
Stability-Crash Reproducible Stability-Memory-AddressSanitizer Clusterfuzz

Crash in blink::LocalFrame::document

Project Member Reported by ClusterFuzz, Feb 18 2017

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6639457710374912

Fuzzer: ifratric-browserfuzzer-v3
Job Type: linux_asan_chrome_chromeos
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000038
Crash State:
  blink::LocalFrame::document
  blink::DOMSelection::extend
  blink::V8Selection::extendMethodCallback
  
Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_chromeos&range=451282:451303

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97uXk6ORv9OR3nfFC2YDejPV5E5C0zD9EkPDiGRahQMiKSsyJkzFrb3_79NXUeBeJAL2nc9nx_nOXRmQcQrptawkYTOzWLXQK4BMq8_3MnPpPVTsLGgY4pWzyXS8gV8_WhA0aruzsO8a160FOE221VbWCmQ23-Qi62lW682xbsgwMp0uezBme8ELGBV-q66loPXve8sFJxic1pSGEQIyaFAad9-nFpHnmOvwzPXpRmEZ6eq3lsvfYBhEeVHh5p7IVO8kV3KsAZoeENno_19_X7cD1wXRknebDvAayUm_ls3k5d9hzUGfizdnNCPo4gpynPXuqwU1VaRzsweM07jobwRZxngw1jV2U8JIsGuzYd7cQ2vRIMz-F9MMpNiu3xbwElqmAr8A9wlD4dRTXQj0ohhxz7efg?testcase_id=6639457710374912


Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by sigbjo...@opera.com, Feb 19 2017

Components: Blink>Editing

Comment 2 by yosin@chromium.org, Feb 20 2017

Cc: tkent@chromium.org
Mergedinto: 693807
Status: Duplicate (was: Untriaged)

Project Member

Comment 3 by ClusterFuzz, Feb 21 2017

ClusterFuzz has detected this issue as fixed in range 451573:451586.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6639457710374912

Fuzzer: ifratric-browserfuzzer-v3
Job Type: linux_asan_chrome_chromeos
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000038
Crash State:
  blink::LocalFrame::document
  blink::DOMSelection::extend
  blink::V8Selection::extendMethodCallback
  
Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_chromeos&range=451282:451303
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_chromeos&range=451573:451586

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97uXk6ORv9OR3nfFC2YDejPV5E5C0zD9EkPDiGRahQMiKSsyJkzFrb3_79NXUeBeJAL2nc9nx_nOXRmQcQrptawkYTOzWLXQK4BMq8_3MnPpPVTsLGgY4pWzyXS8gV8_WhA0aruzsO8a160FOE221VbWCmQ23-Qi62lW682xbsgwMp0uezBme8ELGBV-q66loPXve8sFJxic1pSGEQIyaFAad9-nFpHnmOvwzPXpRmEZ6eq3lsvfYBhEeVHh5p7IVO8kV3KsAZoeENno_19_X7cD1wXRknebDvAayUm_ls3k5d9hzUGfizdnNCPo4gpynPXuqwU1VaRzsweM07jobwRZxngw1jV2U8JIsGuzYd7cQ2vRIMz-F9MMpNiu3xbwElqmAr8A9wlD4dRTXQj0ohhxz7efg?testcase_id=6639457710374912


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

►

Issue 693828 link

Issue metadata

Crash in blink::LocalFrame::document

Issue description

Comment 1 by sigbjo...@opera.com, Feb 19 2017

Comment 1 Deleted

Comment 2 by yosin@chromium.org, Feb 20 2017

Comment 2 Deleted

Comment 3 by ClusterFuzz, Feb 21 2017

Comment 3 Deleted

Sign in to add a comment