Null-dereference READ in blink::Document::ScheduleLayoutTreeUpdate

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5902560757284864

Fuzzer: inferno_twister
Job Type: windows_asan_chrome_no_sandbox
Platform Id: windows

Crash Type: Null-dereference READ
Crash Address: 0x00000000
Crash State:
  blink::Document::ScheduleLayoutTreeUpdate
  blink::Document::WillChangeFrameOwnerProperties
  blink::HTMLFrameOwnerElement::SetEmbeddedContentView

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_no_sandbox&range=477423:477482

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5902560757284864

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Aug 21 2017
shend: your SubtreeWillChangeContents change stands out in the regression range, any chance it might have caused this? https://chromium-review.googlesource.com/525214
Aug 22 2017
Hmm, I don't think so. As can be seen by the diff of generated code, we simply rename the getters and setters and move them to be public: https://gist.github.com/darrnshn/46ddf3dfedfbbc8a990e1c3acff6507d/revisions
Sep 5 2017
ClusterFuzz testcase 5902560757284864 is flaky and no longer crashes, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by dtapu...@chromium.org, Aug 21 2017