Crash in blink::FrameView::updateAllLifecyclePhases
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5215912157511680

Fuzzer: inferno_twister
Job Type: linux_asan_content_shell_drt
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x0000000000d0
Crash State:
  blink::FrameView::updateAllLifecyclePhases
  blink::Internals::elementLayoutTreeAsText
  blink::V8Internals::elementLayoutTreeAsTextMethodCallback

Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_content_shell_drt&range=423512:423881

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94iMLZoGS9M7XkGYRLd2dNWftllG3k4f16TrUHd6tf83pA4f_vsBVXO5P9mhrdAd6hTKBmzHP2dV8D04muTuU365ehpoc95O5f_Ufhghn1uH71PbWc11oPYDEpCeeJlnWVYTgLkHE-AhhIQstWk0Ym_PunCGHvsOi5KstZMWwa6wcoUfTgjpsNn1YTOnnjJYiQ2jBNi_ScP35k53T93locuw5SGc0BHA_BbwUT-8C_FR6y2NRwCDxUSuwh0OdJsHe6NcAplMXqf4kuw_zNzPnJdLHm4BMBXZShlnSzt03CuT573aSu9qyZxrmZM6kFxCB_-ZMDBw4aTiYxRoiaOZhBcFUqxh6oaZvKmDlQFE8E9W_ARSR4?testcase_id=5215912157511680

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Mar 8 2017
The result is a list of CLs that change the crashed files.

Author: chrishtr
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/902ab929046fdb09759d1601bd430fdb64b2235c
Time: Thu Oct 06 23:24:05 2016
File Internals.cpp is changed in this CL (and is part of stack frame #3, "blink::Internals::elementLayoutTreeAsText").
Minimum distance from crash line to modified line: 1 (file: Internals.cpp, crashed on: 735, modified: 734).

Unable to find exact culprit CL, so adding developers who worked recently.

Could someone please take a look? Thank you.
Mar 8 2017
This happens in certain layout tests only. Not urgent. Simple fix, though.
Mar 8 2017
Mar 9 2017
ClusterFuzz has detected this issue as fixed in range 455091:455394.

Detailed report: https://clusterfuzz.com/testcase?key=5215912157511680

Fuzzer: inferno_twister
Job Type: linux_asan_content_shell_drt
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x0000000000d0
Crash State:
  blink::FrameView::updateAllLifecyclePhases
  blink::Internals::elementLayoutTreeAsText
  blink::V8Internals::elementLayoutTreeAsTextMethodCallback

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=423512:423881
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=455091:455394

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv94iMLZoGS9M7XkGYRLd2dNWftllG3k4f16TrUHd6tf83pA4f_vsBVXO5P9mhrdAd6hTKBmzHP2dV8D04muTuU365ehpoc95O5f_Ufhghn1uH71PbWc11oPYDEpCeeJlnWVYTgLkHE-AhhIQstWk0Ym_PunCGHvsOi5KstZMWwa6wcoUfTgjpsNn1YTOnnjJYiQ2jBNi_ScP35k53T93locuw5SGc0BHA_BbwUT-8C_FR6y2NRwCDxUSuwh0OdJsHe6NcAplMXqf4kuw_zNzPnJdLHm4BMBXZShlnSzt03CuT573aSu9qyZxrmZM6kFxCB_-ZMDBw4aTiYxRoiaOZhBcFUqxh6oaZvKmDlQFE8E9W_ARSR4?testcase_id=5215912157511680

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Mar 9 2017
ClusterFuzz testcase 5215912157511680 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by dtapu...@chromium.org, Mar 7 2017
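An added example, not code from the Chromium repository or from anyone on this thread, showing how to read the ClusterFuzz report above. An ASAN "UNKNOWN READ" at crash address 0x00d0 is a near-null access: a null base pointer plus a member offset of 0xd0, which is the signature of a missing null check rather than heap corruption. That fits the stack (the crash is reached through the Internals test API, which only exists in content_shell layout tests) and the "not urgent, simple fix" assessment. The struct, the field name, the padding that places the field at 0xd0, and the guarded accessor are all hypothetical stand-ins; the page does not say which pointer in updateAllLifecyclePhases was null, so this shows the pattern, not the actual fix.

```cpp
// Added example, not Chromium code. Decodes a near-null ASAN crash address and
// contrasts the unchecked access that produces it with a guarded version.
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Hypothetical stand-in for an object like blink::FrameView. The padding is
// sized so that `lifecycle_state` sits at offset 0xd0, matching the crash
// address in the report (constructed layout, not Blink's real layout).
struct FakeFrameView {
  uint8_t padding[0xd0];
  int lifecycle_state;
};
static_assert(offsetof(FakeFrameView, lifecycle_state) == 0xd0,
              "field must land at 0xd0 for the illustration to hold");

// The first page of the address space is never mapped in a normal process, so
// a faulting address below it means the base pointer was null and the value is
// simply the offset of the member being read.
constexpr uintptr_t kFirstPage = 0x1000;

bool IsNearNullDeref(uintptr_t crash_address) {
  return crash_address < kFirstPage;
}

// Member offset implied by a near-null crash address, or -1 when the address
// is not near null (a wild or freed pointer needs different triage).
long MemberOffsetFromCrash(uintptr_t crash_address) {
  return IsNearNullDeref(crash_address) ? static_cast<long>(crash_address) : -1;
}

// Unchecked access: with view == nullptr the load reads address 0x0 + 0xd0,
// which ASAN reports as a SEGV / "UNKNOWN READ" at 0x00d0, the exact shape of
// the report above.
int ReadLifecycleStateUnchecked(const FakeFrameView* view) {
  return view->lifecycle_state;
}

// Guarded access: the caller is told there is no view instead of crashing.
bool ReadLifecycleStateGuarded(const FakeFrameView* view, int* out) {
  if (!view)
    return false;
  *out = view->lifecycle_state;
  return true;
}

int main() {
  // Crash address copied from the ClusterFuzz report above.
  const uintptr_t kReportedCrashAddress = 0x00d0;
  assert(IsNearNullDeref(kReportedCrashAddress));
  std::printf("crash address 0x%lx -> null base + member offset 0x%lx\n",
              static_cast<unsigned long>(kReportedCrashAddress),
              static_cast<unsigned long>(MemberOffsetFromCrash(kReportedCrashAddress)));

  FakeFrameView view{};
  view.lifecycle_state = 3;
  int state = 0;
  assert(ReadLifecycleStateGuarded(&view, &state) && state == 3);
  assert(!ReadLifecycleStateGuarded(nullptr, &state));
  // ReadLifecycleStateUnchecked(nullptr) is deliberately not called: it would
  // fault at 0xd0, which is the behaviour being explained.
  (void)ReadLifecycleStateUnchecked(&view);
  return 0;
}
```

When triaging a sanitizer report, checking the crash address against the first page is the quickest way to separate a plain null dereference (usually a missing check on an optional pointer) from a use-after-free or wild write, which would show a heap address and, under ASAN, a different crash type.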