Null-dereference READ in blink::Node::GetLayoutBox
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6435193677414400

Fuzzer: ochang_domfuzzer
Job Type: linux_asan_content_shell_drt
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000010
Crash State:
  blink::Node::GetLayoutBox
  blink::LayoutSlider::UpdateLayout
  blink::LayoutBlockFlow::LayoutInlineChildren

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=283013:284047

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6435193677414400

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jun 8 2017
Jul 14 2017
Assigning to concern owner from Predator results -- Regression information is not available. The result is the blame information

Author: nainar
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/2f631c11f8e8f80c2373a6da4e4c24f7337ea55e
Time: Fri Apr 14 00:23:19 2017
The CL last changed line 626 of file Node.h, which is stack frame 2.

Author: Daniel Cheng
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/ed375c02e956ef832e8ed6223435f0d78d6bdf77
Time: Tue Apr 11 18:44:52 2017
The CL last changed line 1123 of file LayoutObject.h, which is stack frame 5.

@nainar -- Could you please look into the issue, kindly re-assign if this is not related to your changes. Thank You
Jul 14 2017
Comment 1 by ClusterFuzz, May 28 2017