
Issue 727040

Issue metadata

Status: WontFix
Owner: ----
Closed: Oct 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Android , Windows , Mac
Pri: 1
Type: Bug

Null-dereference READ in blink::Node::CanParticipateInFlatTree

Project Member Reported by ClusterFuzz, May 27 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4975946460561408

Fuzzer: ochang_domfuzzer
Job Type: linux_asan_content_shell_drt
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000010
Crash State:
  blink::Node::CanParticipateInFlatTree
  blink::Document::NeedsLayoutTreeUpdateForNode
  blink::Document::UpdateStyleAndLayoutTreeForNode
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=472654:472665

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4975946460561408


Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Comment 1 by ClusterFuzz (Project Member), May 27 2017

Labels: OS-Mac
Comment 2 by ClusterFuzz (Project Member), May 30 2017

Labels: OS-Windows
Comment 3 by ClusterFuzz (Project Member), Aug 29 2017

Labels: OS-Android
Cc: msrchandra@chromium.org
Components: Blink
Labels: M-61 Test-Predator-Wrong
Owner: hayato@chromium.org
Status: Assigned (was: Untriaged)
Predator and CL could not provide any possible suspects.
Using Code Search for the file "Node.cpp", assigning to the concerned owner who might be related or have worked on a similar file.

@hayato -- Could you please look into the issue, kindly re-assign if this is not related to your changes.
Thank You.

Comment 5 by hayato@chromium.org, Sep 11 2017

Components: -Blink Blink>Editing
Owner: yosin@chromium.org
The stacktrace shows it might be related to editing.

Comment 6 by yosin@chromium.org, Sep 15 2017

Status: Available (was: Assigned)
Marked Available to let someone pick this up.

Comment 7 by yosin@chromium.org, Sep 15 2017

Owner: ----
Comment 8 by ClusterFuzz (Project Member), Oct 1 2017

Components: Blink>DOM
Labels: Test-Predator-AutoComponents
Automatically applying components based on information from OWNERS files. If this seems incorrect, please apply the Test-Predator-Wrong-Components label.

Comment 9 by kochi@chromium.org, Oct 11 2017

Status: WontFix (was: Available)
Checked the minimized case, and found that the test is using window.internals.shadowRoot() to get the shadow root, which cannot happen on the web.

This is an invalid clusterfuzz test case.
Comment 10 by ClusterFuzz (Project Member), Oct 18 2017

Labels: Needs-Feedback
ClusterFuzz testcase 4975946460561408 is still reproducing on tip-of-tree build (trunk).

If this testcase was not reproducible locally or unworkable, ignore this notification and we will file another bug soon with hopefully a better and workable testcase.

Otherwise, if this is not intended to be fixed (e.g. this is an intentional crash), please add ClusterFuzz-Ignore label to prevent future bug filing with similar crash stacktrace.
Labels: -Test-Predator-AutoComponents Test-Predator-Auto-Components