Stack-overflow in OnPrint |
|||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=5642704290840576 Fuzzer: inferno_twister Job Type: mac_asan_content_shell Platform Id: mac Crash Type: Stack-overflow Crash Address: 0x7fff54336ff0 Crash State: OnPrint Sanitizer: address (ASAN) Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5642704290840576 Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Apr 28 2017
There's 200 frames of blink::CSSSelector::SelectorText() calls. Not PDF code.
,
May 2 2017
,
May 3 2017
,
May 17 2017
Hmmm I've been struggling to think of a good solution to this. I started making a CL to investigate recursion level, and limiting it to 256 levels of recursion is too small for our current LayoutTests. So... buh?
,
May 24 2017
ClusterFuzz has detected this issue as fixed in range 473937:473999. Detailed report: https://clusterfuzz.com/testcase?key=5642704290840576 Fuzzer: inferno_twister Job Type: mac_asan_content_shell Platform Id: mac Crash Type: Stack-overflow Crash Address: 0x7fff54336ff0 Crash State: OnPrint Sanitizer: address (ASAN) Fixed: https://clusterfuzz.com/revisions?job=mac_asan_content_shell&range=473937:473999 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5642704290840576 See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
May 24 2017
ClusterFuzz testcase 5642704290840576 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Jun 16 2017
FTW, the fix to bug 719374 is what fixed this. |
|||||
►
Sign in to add a comment |
|||||
Comment 1 by shrike@chromium.org
, Apr 28 2017