New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 712122 link

Starred by 1 user

Issue metadata

Status: WontFix
Owner:
Closed: Apr 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 1
Type: Bug



Sign in to add a comment

Crash in blink::LayoutTextControl::computeLogicalHeight

Project Member Reported by ClusterFuzz, Apr 17 2017

Issue description

Cc: msrchandra@chromium.org
Labels: Test-Predator-Wrong M-59
Owner: dcheng@chromium.org
Status: Assigned (was: Untriaged)
Predator and CL did not provide any possible suspects.
Assigning to the concern owner using Code Search for the file, "layouttextcontrol.cpp".

Suspecting Commit#
https://chromium.googlesource.com/chromium/src/+/49c67797cd9be6221b2d36bc35700c36dd00839d

@dcheng -- Could you please look into the issue, kindly re-assign if this is not related to your changes.
Thank You.

Comment 2 by dcheng@chromium.org, Apr 17 2017

Cc: dcheng@chromium.org
Owner: tkent@chromium.org
I guess InnerEditorElement() is returning null, but it's not clear to me how this will happen.

Sorry tkent@, do you mind triaging this one as well? =(

Comment 3 by tkent@chromium.org, Apr 18 2017

Components: Blink>Forms>Text
Status: WontFix (was: Assigned)
The test case uses internals.shadowRoot(). We won't fix non-security crashes caused by it.

Project Member

Comment 4 by ClusterFuzz, Apr 20 2017

ClusterFuzz has detected this issue as fixed in range 465765:465806.

Detailed report: https://clusterfuzz.com/testcase?key=5154336893304832

Fuzzer: inferno_twister
Job Type: windows_syzyasan_content_shell
Platform Id: windows

Crash Type: UNKNOWN
Crash Address: 0x00000008
Crash State:
  blink::LayoutTextControl::computeLogicalHeight
  blink::LayoutBox::computeLogicalHeight
  blink::LayoutBox::updateLogicalHeight
  
Memory Tool: SYZYASAN

Regressed: https://clusterfuzz.com/revisions?job=windows_syzyasan_content_shell&range=441031:441032
Fixed: https://clusterfuzz.com/revisions?job=windows_syzyasan_content_shell&range=465765:465806

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv96R1uPsPboB2KA_MlXRrXSa9RZ7H4CGAI6edeuhXRXeuUgJk4IXU5MRx6Ab-SSxwFllccxfZ4GisNYkGmE3BgPw7s8pcrAxKcMXIShbIAUBGvGEWzg03CKLhoYi19-t18nlPIsbm1VB9sDiNQvR2r6crTNtxI_7vX5ExRZ-Y9MEptbwZkGIKy7MNpDUnJjQmUrrKv-ihrTRvSfUioFfgoUIgp8ILzx1kBSNTy35oqGgBi5_9sg4XGnKIiBcXE3QxyDmXnDMXHxMWM63oFS9840fm3nUETFpHbIerEUe3wLmidtwqmbs6WA2r7AzS6rUa5Lgv81hHAFruBdP_FdGQk3ProZ3_cSqAHpdUTFd5tiSnUGvzpc?testcase_id=5154336893304832


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Sign in to add a comment