New issue
Advanced search Search tips

Issue 712920 link

Starred by 1 user

Issue metadata

Status: Verified
Owner:
Closed: Apr 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 1
Type: Bug



Sign in to add a comment

Crash in blink::DOMSelection::addRange

Project Member Reported by ClusterFuzz, Apr 19 2017

Issue description

Components: Blink>DOM
Labels: M-60 Test-Predator-Correct-CLs
Owner: tkent@chromium.org
Status: Assigned (was: Untriaged)
The result is a list of CLs that change the crashed files. 

Author: tkent
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/552ceb6deed19e86f89eb32b8fb3923217cefd7e
Time: Mon Feb 20 08:49:02 2017
File DOMSelection.cpp is changed in this cl (and is part of stack frame #2, "content_shell!blink::DOMSelection::addRange+0x109")
Minimum distance from crash line to modified line: 7. (file: DOMSelection.cpp, crashed on: 627, modified: 634).
Project Member

Comment 2 by ClusterFuzz, Apr 19 2017

ClusterFuzz has detected this issue as fixed in range 451616:451635.

Detailed report: https://clusterfuzz.com/testcase?key=4825702819168256

Fuzzer: inferno_twister
Job Type: windows_syzyasan_content_shell
Platform Id: windows

Crash Type: UNKNOWN
Crash Address: 0x00000013
Crash State:
  blink::DOMSelection::addRange
  blink::DOMSelectionV8Internal::addRangeMethod
  blink::V8Selection::addRangeMethodCallback
  
Memory Tool: SYZYASAN

Regressed: https://clusterfuzz.com/revisions?job=windows_syzyasan_content_shell&range=451573:451586
Fixed: https://clusterfuzz.com/revisions?job=windows_syzyasan_content_shell&range=451616:451635

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv946e5ukaWbVNxnSh9n5Lt1xCoru0jUAPXFqcvqPqKgeCp7cuQmYEL9pzaUyWtYzu5mHGHAHtH6WtcoXufAcndtyCLwocVPEmYVBA-Vg5yLyLdhU9Fr_PMvhxqiPpD5ZVQ72iHtRuJc0yLA1Haaif5VovIhK8eH95klnYrkd_ZRcauCkKn6ime6oZKyXjPnngt3veGJoBo-8wXiOOosilGprw0vgB9Gn9eaxAe6ze7Wzl1lJg2CFHD966pmrfag685SJoSyGa9rcndim9qlZVtV3Z0sd9EJ_aLFZdbnjjQQedlsTvjE7VKFj52yNoUg30xndztkD9jw-q3dqxgVInbIqvwsuU1J_kQ_c_Mrq7uJsTZqWeb34w5McLQWEfGyCy0upqAbnOaq1tZWN7YiSakdClNiPHQ?testcase_id=4825702819168256


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 3 by ClusterFuzz, Apr 19 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 4825702819168256 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Comment 4 by tkent@chromium.org, Apr 20 2017

Components: -Blink>DOM Blink>Editing>Selection
Maybe https://chromium.googlesource.com/chromium/src/+/552ceb6deed19e86f89eb32b8fb3923217cefd7e fixed this.

Sign in to add a comment