New issue
Advanced search Search tips

Issue 713187 link

Starred by 1 user

Issue metadata

Status: Verified
Owner: ----
Closed: Apr 2017
Cc:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 1
Type: Bug



Sign in to add a comment

Crash in blink::Document::UpdateStyleAndLayoutTreeIgnorePendingStylesheets

Project Member Reported by ClusterFuzz, Apr 19 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5640311809507328

Fuzzer: ifratric-browserfuzzer-v3
Job Type: windows_syzyasan_chrome
Platform Id: windows

Crash Type: UNKNOWN
Crash Address: 0x000003f7
Crash State:
  blink::Document::UpdateStyleAndLayoutTreeIgnorePendingStylesheets
  blink::Document::UpdateStyleAndLayoutIgnorePendingStylesheets
  blink::FrameSelection::ComputeVisibleSelectionInDOMTreeDeprecated
  
Memory Tool: SYZYASAN

Regressed: https://clusterfuzz.com/revisions?job=windows_syzyasan_chrome&range=450347:450395

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv94DYCpAOK_qid2BaMIcpRyrDkYFGO0fAgkVk060pGCtPfJek5gekYowJblc5Y2rXZgvsi4KSJR-ebImSINotZZa-BVv2OIRIKOWHx7g6wZLvvj5s4uOcdz2CAxAXPta0v1dFy6Ir4NJgfyXQpsa0VIk2zyFRi9dMWyhIQG_8y8iMeRaI5bCe5ZjHUcg6LX3LhqwRrAlgU-irQrD1GetYvhU6JiQBVT05aQwNazhg162Hq0nEPHkFMw_xk5NxllIvF4kAPmD-P5jC_IqrGK21wjqJHTi5zKKk5V50mwUHSo9butmY6sqACtH74uU4kdIZsswvywceXyXgY_b4Vcx1FfMQtBxScvx63KtRbniEwntcu6kJU4?testcase_id=5640311809507328


Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Project Member

Comment 1 by ClusterFuzz, Apr 20 2017

ClusterFuzz has detected this issue as fixed in range 465765:465806.

Detailed report: https://clusterfuzz.com/testcase?key=5640311809507328

Fuzzer: ifratric-browserfuzzer-v3
Job Type: windows_syzyasan_chrome
Platform Id: windows

Crash Type: UNKNOWN
Crash Address: 0x000003f7
Crash State:
  blink::Document::UpdateStyleAndLayoutTreeIgnorePendingStylesheets
  blink::Document::UpdateStyleAndLayoutIgnorePendingStylesheets
  blink::FrameSelection::ComputeVisibleSelectionInDOMTreeDeprecated
  
Memory Tool: SYZYASAN

Regressed: https://clusterfuzz.com/revisions?job=windows_syzyasan_chrome&range=450347:450395
Fixed: https://clusterfuzz.com/revisions?job=windows_syzyasan_chrome&range=465765:465806

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv94DYCpAOK_qid2BaMIcpRyrDkYFGO0fAgkVk060pGCtPfJek5gekYowJblc5Y2rXZgvsi4KSJR-ebImSINotZZa-BVv2OIRIKOWHx7g6wZLvvj5s4uOcdz2CAxAXPta0v1dFy6Ir4NJgfyXQpsa0VIk2zyFRi9dMWyhIQG_8y8iMeRaI5bCe5ZjHUcg6LX3LhqwRrAlgU-irQrD1GetYvhU6JiQBVT05aQwNazhg162Hq0nEPHkFMw_xk5NxllIvF4kAPmD-P5jC_IqrGK21wjqJHTi5zKKk5V50mwUHSo9butmY6sqACtH74uU4kdIZsswvywceXyXgY_b4Vcx1FfMQtBxScvx63KtRbniEwntcu6kJU4?testcase_id=5640311809507328


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 2 by ClusterFuzz, Apr 20 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Untriaged)
ClusterFuzz testcase 5640311809507328 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Sign in to add a comment