Null-dereference READ in blink::Node::GetLayoutBox |
||||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=5166608866869248 Fuzzer: ochang_domfuzzer Job Type: linux_asan_content_shell_drt Platform Id: linux Crash Type: Null-dereference READ Crash Address: 0x000000000010 Crash State: blink::Node::GetLayoutBox blink::LayoutSlider::UpdateLayout blink::LocalFrameView::PerformLayout Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=373065:373191 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5166608866869248 Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
May 31 2017
,
Jun 9 2017
,
Jun 19 2017
Not a security issue and no reports in the wild, adjusting priority.
,
Jul 14 2017
,
Jul 14 2017
,
Jul 16 2017
,
Sep 11 2017
ClusterFuzz testcase 5166608866869248 is flaky and no longer crashes, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Sep 18 2017
ClusterFuzz testcase 6435193677414400 is still reproducing on tip-of-tree build (trunk). If this testcase was not reproducible locally or unworkable, ignore this notification and we will file another bug soon with hopefully a better and workable testcase. Otherwise, if this is not intended to be fixed (e.g. this is an intentional crash), please add ClusterFuzz-Ignore label to prevent future bug filing with similar crash stacktrace. |
||||||||
►
Sign in to add a comment |
||||||||
Comment 1 by ranjitkan@chromium.org
, May 31 2017Labels: Test-Predator-Correct-CLs
Owner: nainar@chromium.org
Status: Assigned (was: Untriaged)