
Issue 734310 link

Starred by 1 user

Issue metadata

Status: Duplicate
Merged: issue 724830
Owner: ----
Closed: Jun 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Android , Windows
Pri: 3
Type: Bug




Crash in blink::LayoutBlockFlow::AppendFloatsToLastLine

Project Member Reported by ClusterFuzz, Jun 17 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4620552244559872

Fuzzer: inferno_layout_test_unmodified
Job Type: windows_asan_chrome_no_sandbox
Platform Id: windows

Crash Type: UNKNOWN READ
Crash Address: 0xd8ddf2c0
Crash State:
  blink::LayoutBlockFlow::AppendFloatsToLastLine
  blink::LayoutBlockFlow::LayoutRunsAndFloatsInRange
  blink::LayoutBlockFlow::LayoutRunsAndFloats
Sanitizer: address (ASAN)

Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_no_sandbox&range=443500:443512

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4620552244559872


Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Comment 1 by sheriffbot@chromium.org (Project Member), Jun 17 2017

Labels: M-60
Comment 2 by sheriffbot@chromium.org (Project Member), Jun 17 2017

Labels: Pri-1

Comment 3 by est...@chromium.org, Jun 17 2017

Cc: tkent@chromium.org e...@chromium.org
Components: Blink>Layout
Labels: -Security_Impact-Stable -Security_Severity-Medium Security_Impact-None
Owner: hs1217....@samsung.com
Status: Assigned (was: Untriaged)
Another CHECK failure => Security_Impact-None

May be showing up now because of https://chromium.googlesource.com/chromium/src/+/177d44c2b478ca96d5cff47940509b578e4af697
Cc: och...@chromium.org est...@chromium.org
Labels: -Restrict-View-SecurityTeam -Security_Impact-None
Owner: infe...@chromium.org
I will fix c#3. Thanks for noticing, Emily.

Comment 5 by tkent@chromium.org, Jun 18 2017

Cc: -tkent@chromium.org
Status: WontFix (was: Assigned)
CHECK failure is not a security bug; we fixed the parsing logic on the ClusterFuzz side, sorry for the noise.
Cc: -est...@chromium.org -e...@chromium.org -och...@chromium.org
Labels: -Type-Bug-Security Type-Bug
Owner: e...@chromium.org
Status: Assigned (was: WontFix)
Functional bug though, reopening.
Comment 8 by ClusterFuzz (Project Member), Jun 19 2017

Labels: OS-Android OS-Linux

Comment 9 by e...@chromium.org, Jun 19 2017

Cc: robhogan@chromium.org
Labels: -Pri-1 Pri-3
Owner: ----
Status: Available (was: Assigned)
Mergedinto: 724830
Status: Duplicate (was: Available)
