Issue 713323 link

Starred by 1 user

Issue metadata

Status:	Verified
Owner:	----
Closed:	Apr 2017
Cc:	ifratric@google.com
EstimatedDays:	----
NextAction:	----
OS:	Android , Windows , Mac
Pri:	1
Type:	Bug
Stability-Crash Reproducible Stability-Memory-AddressSanitizer Clusterfuzz ClusterFuzz-Verified

Crash in blink::SVGEnumerationBase::calculateAnimatedValue

Project Member Reported by ClusterFuzz, Apr 19 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4515713571356672

Fuzzer: ifratric-browserfuzzer-v3
Job Type: windows_asan_chrome_no_sandbox
Platform Id: windows

Crash Type: UNKNOWN READ
Crash Address: 0x00000008
Crash State:
  blink::SVGEnumerationBase::calculateAnimatedValue
  blink::SVGAnimateElement::calculateAnimatedValue
  blink::SVGAnimationElement::updateAnimation
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_no_sandbox&range=456354:456375

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv94okbcboQQ1IgRVlQDIuJC75SG4KcMLZF5i-UGJv14EIRYqI0h7RsXsykjoUHTikbvP05lYFfo9thBZR_dJ5PxIPX56RgayZxIQG6A65UJh87sjwbLVjjpyEPBuQqvGbpA8DZvJrS2AkmnS37QR7Fk4Cev7hw9GSglQ99JsznX3Vj-y3m8HArJq9MaotXgm8bqfG4VB2Pz6Osd0zA66oG_zdvqTnunpSCfP5_jBOeTB7QuyMR_8_1Pt4UXz3fPZhXSk3uD4qcZDwBwINTG2psBGBAx0PIm_c_EWUlVua7rd1ToFb0G8FEk10kixbOm8XugZmPXSOvGVIJqb1DY4sXtW4IFaUo_c2YJWeLmrBAFDsc3ee8A?testcase_id=4515713571356672


Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Project Member

Comment 1 by ClusterFuzz, Apr 19 2017

Labels: OS-Android OS-Mac

Project Member

Comment 2 by ClusterFuzz, Apr 19 2017

ClusterFuzz has detected this issue as fixed in range 459146:459184.

Detailed report: https://clusterfuzz.com/testcase?key=4515713571356672

Fuzzer: ifratric-browserfuzzer-v3
Job Type: windows_asan_chrome_no_sandbox
Platform Id: windows

Crash Type: UNKNOWN READ
Crash Address: 0x00000008
Crash State:
  blink::SVGEnumerationBase::calculateAnimatedValue
  blink::SVGAnimateElement::calculateAnimatedValue
  blink::SVGAnimationElement::updateAnimation
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_no_sandbox&range=456354:456375
Fixed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_no_sandbox&range=459146:459184

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv94okbcboQQ1IgRVlQDIuJC75SG4KcMLZF5i-UGJv14EIRYqI0h7RsXsykjoUHTikbvP05lYFfo9thBZR_dJ5PxIPX56RgayZxIQG6A65UJh87sjwbLVjjpyEPBuQqvGbpA8DZvJrS2AkmnS37QR7Fk4Cev7hw9GSglQ99JsznX3Vj-y3m8HArJq9MaotXgm8bqfG4VB2Pz6Osd0zA66oG_zdvqTnunpSCfP5_jBOeTB7QuyMR_8_1Pt4UXz3fPZhXSk3uD4qcZDwBwINTG2psBGBAx0PIm_c_EWUlVua7rd1ToFb0G8FEk10kixbOm8XugZmPXSOvGVIJqb1DY4sXtW4IFaUo_c2YJWeLmrBAFDsc3ee8A?testcase_id=4515713571356672


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Project Member

Comment 3 by ClusterFuzz, Apr 19 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Untriaged)

ClusterFuzz testcase 4515713571356672 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

►

Issue 713323 link

Issue metadata

Crash in blink::SVGEnumerationBase::calculateAnimatedValue

Issue description

Comment 1 by ClusterFuzz, Apr 19 2017

Comment 1 Deleted

Comment 2 by ClusterFuzz, Apr 19 2017

Comment 2 Deleted

Comment 3 by ClusterFuzz, Apr 19 2017

Comment 3 Deleted

Sign in to add a comment