
Issue 698969 link

Starred by 1 user

Issue metadata

Status: Verified
Owner:
Closed: Mar 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 3
Type: Bug




Crash in blink::FrameView::updateAllLifecyclePhases

Project Member Reported by ClusterFuzz, Mar 7 2017

Issue description

Components: Blink>Layout
Cc: chrishtr@chromium.org skyos...@chromium.org kenrb@chromium.org wangxianzhu@chromium.org msten...@opera.com szager@chromium.org
Labels: Test-Predator-Wrong M-58
The result is a list of CLs that change the crashed files. 

Author: chrishtr
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/902ab929046fdb09759d1601bd430fdb64b2235c
Time: Thu Oct 06 23:24:05 2016
File Internals.cpp is changed in this cl (and is part of stack frame #3, "blink::Internals::elementLayoutTreeAsText")
Minimum distance from crash line to modified line: 1. (file: Internals.cpp, crashed on: 735, modified: 734).

Unable to find exact culprit CL, so adding developers who worked recently. Could someone please take a look?
Thank you
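The comment above describes the culprit-finder heuristic in two sentences: restrict each candidate CL to the files that appear in the crash stack, then score it by the minimum distance between a crashed line and a line the CL modified (here Internals.cpp, crashed on 735, modified on 734, distance 1). The following is an added, illustrative implementation of that ranking; it is not Predator's or ClusterFuzz's code. The stack frames, line numbers other than Internals.cpp:735, the second changelist and its author, and the "exact culprit means distance 0" threshold are all constructed assumptions for the example. Note that the page itself carries the Test-Predator-Wrong label, so proximity ranks suspects, it does not prove a culprit.

```python
"""Rank candidate changelists by line proximity to a crash stack.

Added example, not Predator's or ClusterFuzz's code. The heuristic: a CL is
a suspect only if it touched a file on the stack; its score is the smallest
|crash line - modified line| over those frames. Distance 0 is treated as an
"exact" culprit (assumption); anything else only nominates reviewers.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Frame:
    """One symbolized stack frame: index, function, source file, line."""
    index: int
    function: str
    file: str
    line: int


@dataclass(frozen=True)
class Changelist:
    author: str
    url: str
    modified: Dict[str, FrozenSet[int]]  # file -> lines the CL modified


@dataclass(frozen=True)
class Match:
    cl: Changelist
    distance: int
    frame: Frame
    modified_line: int


def closest_change(cl: Changelist, stack: List[Frame]) -> Optional[Match]:
    """Best (smallest) distance between any crashed line and any line the CL modified
    in the same file; None if the CL touched no file on the stack."""
    best: Optional[Match] = None
    for frame in stack:
        for mline in cl.modified.get(frame.file, frozenset()):
            d = abs(frame.line - mline)
            if best is None or d < best.distance:
                best = Match(cl, d, frame, mline)
    return best


def rank_suspects(cls: List[Changelist], stack: List[Frame]) -> List[Match]:
    """All suspect CLs, closest first; ties broken by how high the frame is on the stack."""
    matches = [m for m in (closest_change(cl, stack) for cl in cls) if m is not None]
    matches.sort(key=lambda m: (m.distance, m.frame.index))
    return matches


def triage(cls: List[Changelist], stack: List[Frame],
           exact_threshold: int = 0) -> Tuple[str, List[str]]:
    """('culprit', [author]) when the best CL modified the crashed line itself
    (distance <= exact_threshold, an assumed cut-off); otherwise
    ('suggest', authors) mirroring the "adding developers who worked recently" fallback."""
    ranked = rank_suspects(cls, stack)
    if ranked and ranked[0].distance <= exact_threshold:
        return "culprit", [ranked[0].cl.author]
    return "suggest", sorted({m.cl.author for m in ranked})


# Constructed stack. Only Internals.cpp:735 at frame #3 comes from the report;
# the other line numbers are invented for illustration (frames 1-2 omitted).
STACK = [
    Frame(0, "blink::FrameView::updateAllLifecyclePhases", "FrameView.cpp", 2800),
    Frame(3, "blink::Internals::elementLayoutTreeAsText", "Internals.cpp", 735),
    Frame(4, "blink::V8Internals::elementLayoutTreeAsTextMethodCallback",
          "V8Internals.cpp", 4100),
]

# Constructed candidates. The first mirrors the CL named in the report
# (modified line 734 of Internals.cpp); the second is entirely hypothetical.
CLS = [
    Changelist("chrishtr",
               "https://chromium.googlesource.com/chromium/src/+/"
               "902ab929046fdb09759d1601bd430fdb64b2235c",
               {"Internals.cpp": frozenset({734})}),
    Changelist("example-author", "https://example.invalid/cl/hypothetical",
               {"FrameView.cpp": frozenset({2700, 2701})}),
]


if __name__ == "__main__":
    for m in rank_suspects(CLS, STACK):
        print(f"{m.cl.author}: {m.frame.file} crashed on {m.frame.line}, "
              f"modified {m.modified_line}, distance {m.distance}")
    print(triage(CLS, STACK))
```

Running it reproduces the report's numbers for the first CL (Internals.cpp, crashed on 735, modified 734, distance 1) and, because no CL touched the crashed line itself, falls through to nominating the authors rather than naming a culprit. A real tool would also have to map modified lines across later commits, since the CL's line numbers refer to the tree at its own revision, not the crashing one.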
Labels: -Pri-1 Pri-3
Owner: wangxianzhu@chromium.org
Status: Assigned (was: Untriaged)
This happens in a certain layout test only. Not urgent. Simple fix though.
Labels: -Stability-Crash -Stability-Memory-AddressSanitizer -M-58
Project Member Comment 5 by ClusterFuzz, Mar 9 2017

ClusterFuzz has detected this issue as fixed in range 455091:455394.

Detailed report: https://clusterfuzz.com/testcase?key=5215912157511680

Fuzzer: inferno_twister
Job Type: linux_asan_content_shell_drt
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x0000000000d0
Crash State:
  blink::FrameView::updateAllLifecyclePhases
  blink::Internals::elementLayoutTreeAsText
  blink::V8Internals::elementLayoutTreeAsTextMethodCallback
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=423512:423881
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=455091:455394

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv94iMLZoGS9M7XkGYRLd2dNWftllG3k4f16TrUHd6tf83pA4f_vsBVXO5P9mhrdAd6hTKBmzHP2dV8D04muTuU365ehpoc95O5f_Ufhghn1uH71PbWc11oPYDEpCeeJlnWVYTgLkHE-AhhIQstWk0Ym_PunCGHvsOi5KstZMWwa6wcoUfTgjpsNn1YTOnnjJYiQ2jBNi_ScP35k53T93locuw5SGc0BHA_BbwUT-8C_FR6y2NRwCDxUSuwh0OdJsHe6NcAplMXqf4kuw_zNzPnJdLHm4BMBXZShlnSzt03CuT573aSu9qyZxrmZM6kFxCB_-ZMDBw4aTiYxRoiaOZhBcFUqxh6oaZvKmDlQFE8E9W_ARSR4?testcase_id=5215912157511680


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member Comment 6 by ClusterFuzz, Mar 9 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 5215912157511680 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
