Crash in blink::ReportFatalErrorInMainThread
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5502983608729600

Fuzzer: cdiehl_dharma
Job Type: windows_asan_chrome
Platform Id: windows

Crash Type: UNKNOWN READ
Crash Address: 0x1e100080
Crash State:
  blink::ReportFatalErrorInMainThread
  v8::Uint8ClampedArray::New
  blink::DOMTypedArray<WTF::Uint8ClampedArray,v8::Uint8ClampedArray>::Wrap

Sanitizer: address (ASAN)

Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=windows_asan_chrome&range=464127:464504

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5502983608729600

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jun 17 2017

Jun 17 2017

Jun 19 2017

CHECK failure is not a security bug; we fixed the parsing logic on the ClusterFuzz side. Sorry for the noise.

Jun 27 2017

Attempt to allocate a too-large array.

Jul 14 2017

ClusterFuzz testcase 5502983608729600 is still reproducing on tip-of-tree build (trunk). If this testcase was not reproducible locally or unworkable, ignore this notification and we will file another bug soon with hopefully a better and workable testcase. Otherwise, if this is not intended to be fixed (e.g. this is an intentional crash), please add ClusterFuzz-Ignore label to prevent future bug filing with similar crash stacktrace.
Comment 1 by est...@chromium.org, Jun 16 2017