Null-dereference READ in blink::Node::CanParticipateInFlatTree

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4975946460561408

Fuzzer: ochang_domfuzzer
Job Type: linux_asan_content_shell_drt
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000010
Crash State:
  blink::Node::CanParticipateInFlatTree
  blink::Document::NeedsLayoutTreeUpdateForNode
  blink::Document::UpdateStyleAndLayoutTreeForNode

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=472654:472665

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4975946460561408

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
May 30 2017
Aug 29 2017
Sep 11 2017
Predator and CL could not provide any possible suspects. Using Code Search for the file "Node.cpp", assigning to the concerned owner who might be related or worked on a similar file. @hayato -- Could you please look into the issue, and kindly re-assign if this is not related to your changes. Thank you.
Sep 11 2017
The stacktrace shows it might be related to editing.
Sep 15 2017
Mark Available so that someone picks this up.
Sep 15 2017
Oct 1 2017
Automatically applying components based on information from OWNERS files. If this seems incorrect, please apply the Test-Predator-Wrong-Components label.
Oct 11 2017
Checked the minimized case, and found that the test is using window.internals.shadowRoot() to get shadow root, which cannot happen on the web. This is an invalid clusterfuzz test case.
Oct 18 2017
ClusterFuzz testcase 4975946460561408 is still reproducing on tip-of-tree build (trunk). If this testcase was not reproducible locally or unworkable, ignore this notification and we will file another bug soon with hopefully a better and workable testcase. Otherwise, if this is not intended to be fixed (e.g. this is an intentional crash), please add ClusterFuzz-Ignore label to prevent future bug filing with similar crash stacktrace.
Nov 7 2017
Comment 1 by ClusterFuzz, May 27 2017