New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 712908 link

Starred by 1 user
Status: Fixed
Owner:
nainar@chromium.org
Not on Chrome anymore
Closed: Apr 2017
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 1
Type: Bug



Sign in to add a comment

Crash in blink::FirstLetterPseudoElement::attachFirstLetterTextLayoutObjects

Project Member Reported by ClusterFuzz, Apr 18 2017

Comment 1 by mummare...@chromium.org, Apr 19 2017

Components: Blink>Layout
Labels: Test-Layout M-60 Test-Predator-Correct-CLs
Owner: nainar@chromium.org
Status: Assigned (was: Untriaged)
The result is a list of CLs that change the crashed files. 

Author: nainar
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/8b6c7b7ce5a36d8eda49dd6e60c5e7c8f5c7277f
Time: Wed Feb 22 10:52:39 2017
Lines 1318 of file ContainerNode.cpp which potentially caused crash are changed in this cl (frame #6, "chrome_child!blink::ContainerNode::rebuildChildrenLayoutTrees+0x34").

Comment 2 by nainar@chromium.org, Apr 19 2017

Labels: Update-Weekly
Project Member

Comment 3 by ClusterFuzz, Apr 20 2017 

ClusterFuzz has detected this issue as fixed in range 462610:462863.

Detailed report: https://clusterfuzz.com/testcase?key=5663670265970688

Fuzzer: marty_html_twiddler
Job Type: windows_syzyasan_chrome
Platform Id: windows

Crash Type: UNKNOWN
Crash Address: 0x00000003
Crash State:
  blink::FirstLetterPseudoElement::attachFirstLetterTextLayoutObjects
  blink::FirstLetterPseudoElement::attachLayoutTree
  blink::Node::reattachLayoutTree
  
Memory Tool: SYZYASAN

Regressed: https://clusterfuzz.com/revisions?job=windows_syzyasan_chrome&range=451977:452026
Fixed: https://clusterfuzz.com/revisions?job=windows_syzyasan_chrome&range=462610:462863

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv96Ma7ozAOuGP3MQZ6C_gHat_Vd_p2ptvqd-PDKEskKyHatowANf9NOCnvbWYhjCSZakdYKdqXJTWhP7p-8rJ2EdKIXKWB8gD1tln3xgaXBlgbp8Qr4CIXFlIcywo9Q1u00_8fOzyEuY4peA5KLG-g4-AWVgCkMJNxVRG-tN022Mv_i4rJQXcU-YSo1_rQ8ES0wBWarq6ajwPaH4uMajaOZTGbNcuKVbO81lnm0YVoPIUJFydp8t76g64Tz4P0EO5klbaoC_2whyLa7_O6Yy2E7AtRiF7UQ6m2p22fctgEXUOmEI4yWf8XpjGCilRhhKf5JBvlA6PaInUOOTwJJT0Xzzrwp9-diLiOSwza1IEbRuNROGrj4?testcase_id=5663670265970688


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 4 by nainar@chromium.org, Apr 20 2017

Status: Fixed (was: Assigned)

Sign in to add a comment