Stack-overflow in blink::ContainerNode::RecalcDescendantStyles |
|||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=6396012345425920 Fuzzer: inferno_layout_test_unmodified Job Type: mac_asan_content_shell Platform Id: mac Crash Type: Stack-overflow Crash Address: 0x7fff5b340ab8 Crash State: blink::ContainerNode::RecalcDescendantStyles blink::Element::RecalcStyle Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=mac_asan_content_shell&range=428077:428329 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6396012345425920 Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
May 2 2017
This is building a really deep DOM. Not limiting DOM depth is the decision for now.
,
May 5 2017
,
May 12 2017
ClusterFuzz has detected this issue as fixed in range 471172:471208. Detailed report: https://clusterfuzz.com/testcase?key=6396012345425920 Fuzzer: inferno_layout_test_unmodified Job Type: mac_asan_content_shell Platform Id: mac Crash Type: Stack-overflow Crash Address: 0x7fff5b340ab8 Crash State: blink::ContainerNode::RecalcDescendantStyles blink::Element::RecalcStyle Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=mac_asan_content_shell&range=428077:428329 Fixed: https://clusterfuzz.com/revisions?job=mac_asan_content_shell&range=471172:471208 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6396012345425920 See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page. |
|||
►
Sign in to add a comment |
|||
Comment 1 by shrike@chromium.org
, Apr 28 2017