Issue metadata
Sign in to add a comment
|
Stack-overflow in blink::LayoutSVGViewportContainer::UpdateLayout |
||||||||||||||||||||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=5108639995265024 Fuzzer: inferno_twister Job Type: mac_asan_content_shell Platform Id: mac Crash Type: Stack-overflow Crash Address: 0x7fff55912e40 Crash State: blink::LayoutSVGViewportContainer::UpdateLayout blink::SVGLayoutSupport::LayoutChildren blink::LayoutSVGContainer::UpdateLayout Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=mac_asan_content_shell&range=450668:450686 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5108639995265024 Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
May 3 2017
Predator and CL did not provide any possible suspects. Using Code Search for the file, "LayoutSVGViewportContainer.cpp" assigning to the concern owner. Suspecting Commit# https://chromium.googlesource.com/chromium/src/+/81824be93544dd0936c78b5a24a30c07a818a8ea @pdr -- Could you please look into the issue, kindly re-assign if this is not related to your changes. Thank You.
,
May 3 2017
,
May 3 2017
Stack overflows are not P1.
,
May 9 2017
This is a bunch of nested <svg> elements. Chris is pumped about 718386 so I'll mark as a dupe.
,
May 12 2017
ClusterFuzz has detected this issue as fixed in range 471041:471079. Detailed report: https://clusterfuzz.com/testcase?key=5108639995265024 Fuzzer: inferno_twister Job Type: mac_asan_content_shell Platform Id: mac Crash Type: Stack-overflow Crash Address: 0x7fff55912e40 Crash State: blink::LayoutSVGViewportContainer::UpdateLayout blink::SVGLayoutSupport::LayoutChildren blink::LayoutSVGContainer::UpdateLayout Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=mac_asan_content_shell&range=450668:450686 Fixed: https://clusterfuzz.com/revisions?job=mac_asan_content_shell&range=471041:471079 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5108639995265024 See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page. |
|||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||
Comment 1 by patricia...@chromium.org
, May 3 2017