Issue 712780
Issue metadata

Status: Duplicate
Merged: issue 631151
Owner:
Closed: Apr 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 1
Type: Bug


Crash in blink::HTMLFrameElementBase::DidNotifySubtreeInsertionsToDocument

Reported by ClusterFuzz (Project Member), Apr 18 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5187570314248192

Fuzzer: ifratric-browserfuzzer-v3
Job Type: windows_asan_chrome
Platform Id: windows

Crash Type: UNKNOWN READ
Crash Address: 0x00000000
Crash State:
  blink::HTMLFrameElementBase::DidNotifySubtreeInsertionsToDocument
  blink::ContainerNode::InsertNodeVector<blink::ContainerNode::AdoptAndInsertBefor
  blink::ContainerNode::ReplaceChild
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=windows_asan_chrome&range=440749:440754

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv96XwY2YbyBC8JR-u-RJ5lxrxmMJGHYdaFai3Dlmc68rLy1jTNIJ6H7VwXu49890lfsRYeaFW4Nt1Avp-1CbnhfS7BFyNv0wb9iMNkEdXl6KdHW4ZMm7Dae5iLoW89U4rRZJsMd7ZHIzY_i2qHiKNy4MGtFjCzNkTnXWTB-4oPty_CkGBmpzEATRAIuMomiF79JTQ5YPedQTW2yeQg600pqOSjDABRFQtmq4cPhaKU7mzVTAb-hCtGsyLpyjf_EKch7XrQO0REf_7NeQMNuHWdG8UoEAavrMbpCeu9NaOrnRXcKy3fa0Mb156m4yo2ntXQVlwU-1dC5flXy5sRjBLWA6ToTbrTN-JKG0iGDQGq4h2Wlo59w?testcase_id=5187570314248192


Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Components: Blink>HTML
Labels: Test-Predator-Wrong M-58
Owner: jochen@chromium.org
Status: Assigned (was: Untriaged)
Through code search on file HTMLFrameElementBase.cpp, the suspected CL is
https://chromium.googlesource.com/chromium/src/+/37f4cb6e819ebb1e6836a4525d0bbd951c66638a%5E%21/#F0
jochen@, could you please take a look?
Thank you.

Comment 2 by jochen@chromium.org, Apr 19 2017

Mergedinto: 631151
Status: Duplicate (was: Assigned)