Null-dereference READ in blink::RootInlineBox::AscentAndDescentForBox |
|||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=5334300814999552 Fuzzer: inferno_layout_test_unmodified Job Type: linux_asan_chrome_v8_arm Platform Id: linux Crash Type: Null-dereference READ Crash Address: 0x00000030 Crash State: blink::RootInlineBox::AscentAndDescentForBox blink::InlineFlowBox::ComputeLogicalBoxHeights blink::RootInlineBox::AlignBoxesInBlockDirection Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_v8_arm&range=475215:475230 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5334300814999552 Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Jun 16 2017
,
Jun 27 2017
No longer reproducible either manually, using clusterfuzz reproduce or by clusterfuzz itself. We now have an early abort if root_box is null. Closing. |
|||
►
Sign in to add a comment |
|||
Comment 1 by dtapu...@chromium.org
, Jun 9 2017