Crash in blink::FocusController::NextFocusableElementInForm
Issue description
Detailed report: https://clusterfuzz.com/testcase?key=4639276422922240
Fuzzer: ifratric-browserfuzzer-v3
Job Type: windows_asan_chrome_no_sandbox
Platform Id: windows
Crash Type: UNKNOWN READ
Crash Address: 0x57e27880
Crash State:
  blink::FocusController::NextFocusableElementInForm
  blink::InputMethodController::TextInputFlags
  blink::InputMethodController::TextInputInfo
Sanitizer: address (ASAN)
Recommended Security Severity: Medium
Regressed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_no_sandbox&range=479114:479249
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4639276422922240
Issue filed automatically.
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jun 15 2017
ClusterFuzz has detected this issue as fixed in range 479572:479612.
Detailed report: https://clusterfuzz.com/testcase?key=4639276422922240
Fuzzer: ifratric-browserfuzzer-v3
Job Type: windows_asan_chrome_no_sandbox
Platform Id: windows
Crash Type: UNKNOWN READ
Crash Address: 0x57e27880
Crash State:
  blink::FocusController::NextFocusableElementInForm
  blink::InputMethodController::TextInputFlags
  blink::InputMethodController::TextInputInfo
Sanitizer: address (ASAN)
Recommended Security Severity: Medium
Regressed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_no_sandbox&range=479114:479249
Fixed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_no_sandbox&range=479572:479612
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4639276422922240
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jun 15 2017
ClusterFuzz testcase 4639276422922240 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Jun 19 2017
@kochi - Will this also be fixed with https://chromium-review.googlesource.com/c/536395/ ?
Jun 20 2017
Re #7: Unfortunately the clusterfuzz repro doesn't run for this case (I got a "The job windows_asan_chrome_no_sandbox is not yet supported by clusterfuzz tools." error), but seeing the error message, it should be the same reason.
[3672:2984:0614/074335.799:FATAL:HTMLElement.h(178)] Security DCHECK failed: !node || (node->IsHTMLElement()).
Jun 20 2017
@kochi - Same with me, I was not able to start test case 4639276422922240 due to non-support. But as you pointed out, we had already applied the patch for fixing this issue. Thank you for your inputs.
Sep 21 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions.
For more details visit https://www.chromium.org/issue-tracking/autotriage
- Your friendly Sheriffbot
Comment 1 by est...@chromium.org, Jun 14 2017
Owner: ajit...@samsung.com
Status: Assigned (was: Untriaged)