Null-dereference READ in blink::Node::ContainsIncludingHostElements |
||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=5828874295574528 Fuzzer: ifratric-browserfuzzer-v3 Job Type: windows_asan_chrome_no_sandbox Platform Id: windows Crash Type: Null-dereference READ Crash Address: 0x00000008 Crash State: blink::Node::ContainsIncludingHostElements blink::ComputePositionForChildrenRemoval blink::SelectionEditor::NodeChildrenWillBeRemoved Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_no_sandbox&range=464127:464479 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5828874295574528 Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Jun 21 2017
,
Jul 25 2017
ClusterFuzz has detected this issue as fixed in range 489161:489186. Detailed report: https://clusterfuzz.com/testcase?key=5828874295574528 Fuzzer: ifratric-browserfuzzer-v3 Job Type: windows_asan_chrome_no_sandbox Platform Id: windows Crash Type: Null-dereference READ Crash Address: 0x00000008 Crash State: blink::Node::ContainsIncludingHostElements blink::ComputePositionForChildrenRemoval blink::SelectionEditor::NodeChildrenWillBeRemoved Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_no_sandbox&range=464127:464479 Fixed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_no_sandbox&range=489161:489186 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5828874295574528 See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page. |
||
►
Sign in to add a comment |
||
Comment 1 by ClusterFuzz
, May 27 2017