Issue metadata
Sign in to add a comment
|
Bad-cast to sandbox::bpf_dsl::(anonymous namespace)::ReturnResultExprImpl from invalid vptr;blink::CompositeEditCommand::Apply;blink::Editor::RemoveFormattingAndStyle |
||||||||||||||||||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=5136379947515904 Fuzzer: miaubiz_css_fuzzer Job Type: linux_cfi_chrome Platform Id: linux Crash Type: Bad-cast Crash Address: 0x62646e61732d6f6e Crash State: Bad-cast to sandbox::bpf_dsl::(anonymous namespace)::ReturnResultExprImpl from invalid vptr blink::CompositeEditCommand::Apply blink::Editor::RemoveFormattingAndStyle Sanitizer: cfi (CFI) Recommended Security Severity: High Regressed: https://clusterfuzz.com/revisions?job=linux_cfi_chrome&range=472116:472196 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5136379947515904 Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
May 18 2017
,
Aug 24 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by aarya@google.com
, May 17 2017Status: Duplicate (was: Untriaged)