Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4714477091291136 Fuzzer: inferno_twister Job Type: linux_ubsan_vptr_content_shell_drt Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: i < size() in Vector.h blink::LayoutBlockFlow::appendFloatsToLastLine blink::LayoutBlockFlow::layoutRunsAndFloatsInRange Sanitizer: undefined (UBSAN) Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_vptr_content_shell_drt&range=443258:443393 Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94J0m-9vIG5ArR35Yyc1MOhuZBjgTjCq6bn1J64uwSXa1xA5P5shlOuW-KQqB_tFcECg-he1TTZ8RNCkUOi6dOGgysdJdNL54Vgmg9GVrySezeV4AGOx3SH6iNbHPfSbHhhNmJWQMiEYERgJAVqhHrLylgcZos3MhJvZNCShuaLN9l7fUBx5Ugn0DcE2jvcYu7aRrb8EqlCoYjxWIc5ger5gnfbbeHQikadDDG_T2d82sopf2yPtYyJyOvlsCjAY-zRbtBmMJgP8obaLzq7y1n1EmpikhrMlXK73bflFlR0dGnczwevJXgQBzfh0s2IQ5LPmp1p96pCsNgnSHGmr6oqPLUHfK3tPgxBLVdI4tA5qwaUAp8?testcase_id=4714477091291136 Additional requirements: Requires HTTP Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
This issue is similar to that of Bug Id: 657716. So, merging the issue into same. Please un-merge if that is not the case. Thank You.
ClusterFuzz has detected this issue as fixed in range 451968:452017. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4714477091291136 Fuzzer: inferno_twister Job Type: linux_ubsan_vptr_content_shell_drt Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: i < size() in Vector.h blink::LayoutBlockFlow::appendFloatsToLastLine blink::LayoutBlockFlow::layoutRunsAndFloatsInRange Sanitizer: undefined (UBSAN) Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_vptr_content_shell_drt&range=443258:443393 Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_vptr_content_shell_drt&range=451968:452017 Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94J0m-9vIG5ArR35Yyc1MOhuZBjgTjCq6bn1J64uwSXa1xA5P5shlOuW-KQqB_tFcECg-he1TTZ8RNCkUOi6dOGgysdJdNL54Vgmg9GVrySezeV4AGOx3SH6iNbHPfSbHhhNmJWQMiEYERgJAVqhHrLylgcZos3MhJvZNCShuaLN9l7fUBx5Ugn0DcE2jvcYu7aRrb8EqlCoYjxWIc5ger5gnfbbeHQikadDDG_T2d82sopf2yPtYyJyOvlsCjAY-zRbtBmMJgP8obaLzq7y1n1EmpikhrMlXK73bflFlR0dGnczwevJXgQBzfh0s2IQ5LPmp1p96pCsNgnSHGmr6oqPLUHfK3tPgxBLVdI4tA5qwaUAp8?testcase_id=4714477091291136 Additional requirements: Requires HTTP See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 1 by tkent@chromium.org
, Feb 28 2017