Crash in blink::LayoutBlockFlow::AppendFloatsToLastLine
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4620552244559872

Fuzzer: inferno_layout_test_unmodified
Job Type: windows_asan_chrome_no_sandbox
Platform Id: windows

Crash Type: UNKNOWN READ
Crash Address: 0xd8ddf2c0
Crash State:
  blink::LayoutBlockFlow::AppendFloatsToLastLine
  blink::LayoutBlockFlow::LayoutRunsAndFloatsInRange
  blink::LayoutBlockFlow::LayoutRunsAndFloats

Sanitizer: address (ASAN)

Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_no_sandbox&range=443500:443512

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4620552244559872

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Comment, Jun 17 2017

Comment, Jun 17 2017
Another CHECK failure => Security_Impact-None. May be showing up now because of https://chromium.googlesource.com/chromium/src/+/177d44c2b478ca96d5cff47940509b578e4af697

Comment, Jun 18 2017
I will fix c#3. Thanks for noticing, Emily.

Comment, Jun 18 2017

Comment, Jun 19 2017
CHECK failure is not a security bug; we fixed the parsing logic on the ClusterFuzz side. Sorry for the noise.

Comment, Jun 19 2017
Functional bug though, reopening.

Comment, Jun 19 2017

Comment, Jun 19 2017

Comment, Jun 19 2017
Comment 1 by sheriffbot@chromium.org, Jun 17 2017