New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 713053 link

Starred by 1 user

Issue metadata

Status: Duplicate
Merged: issue 698776
Owner:
Closed: Apr 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 1
Type: Bug



Sign in to add a comment

Crash in blink::Document::updateStyleAndLayout

Project Member Reported by ClusterFuzz, Apr 19 2017

Issue description

Cc: msrchandra@chromium.org
Components: Blink>WebFonts
Labels: M-60 Test-Predator-Correct-CLs
Owner: ksakamoto@chromium.org
Status: Assigned (was: Untriaged)
Assigning to the concern owner from Predator results --
The result is a list of CLs that change the crashed files. 

Author: ksakamoto
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/42bd5bf1a4db228077a4b44c70bff956470f0a75
Time: Mon Mar 06 10:46:09 2017
Lines 250 of file FontFaceSet.cpp which potentially caused crash are changed in this cl (frame #3, "chrome_child!blink::FontFaceSet::ready+0x20").
Minimum distance from crash line to modified line: 0. (file: FontFaceSet.cpp, crashed on: 250, modified: 250).

@ksakamoto -- Could you please look into the issue, kindly re-assign if this is not related to your changes.
Thank You.
Mergedinto: 698776
Status: Duplicate (was: Assigned)
This is already fixed.
Project Member

Comment 3 by ClusterFuzz, Apr 20 2017

ClusterFuzz has detected this issue as fixed in range 455091:455389.

Detailed report: https://clusterfuzz.com/testcase?key=5851663115223040

Fuzzer: inferno_twister
Job Type: windows_syzyasan_chrome
Platform Id: windows

Crash Type: UNKNOWN
Crash Address: 0x00000123
Crash State:
  blink::Document::updateStyleAndLayout
  blink::FontFaceSet::ready
  blink::V8FontFaceSet::readyAttributeGetterCallback
  
Memory Tool: SYZYASAN

Regressed: https://clusterfuzz.com/revisions?job=windows_syzyasan_chrome&range=454842:454847
Fixed: https://clusterfuzz.com/revisions?job=windows_syzyasan_chrome&range=455091:455389

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv976NtdgdVI4V0k1x-vIF43oZsNRq8GFZZL1kIb6RXC6EsdAZlJLs74OtXGGkR9t-GOPafW6DwigKw9JRn4nEKzkx50oM-uEBIyEeI5jw0uG18cnoz-AuLH-gdjIrmphA8r8GLHbjxF0D-4WUSRWPv96x02t040nEWjmCryXlCz-bMYLV7B18RSq90nu9qoNaDIzJheb5CZmJ5e0dqIWnmujQjObA_w716a-fE5j8I8CTOUBJaGzaV0ttqwEfLzE9euGDp5QRWLyLFmioQSKtvd7PvHI666APH-jeA0dlTcn-WVgrkiR3xRCxgxfEnrUGLStIo_YdWVOZdw-t49Vbxv-D5MgYLaTUGy-XrBg28BqYP99WJY?testcase_id=5851663115223040


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Sign in to add a comment