New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 734696 link

Starred by 1 user
Status: Duplicate
Merged: issue 462234
Owner:
brettw@chromium.org
Last visit 26 days ago
Closed: Jun 2017
Cc:
msrchandra@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 1
Type: Bug



Sign in to add a comment

Crash in blink::Text::wholeText

Project Member Reported by ClusterFuzz, Jun 19 2017 
Detailed report: https://clusterfuzz.com/testcase?key=4587849021390848

Fuzzer: inferno_twister
Job Type: windows_asan_chrome
Platform Id: windows

Crash Type: UNKNOWN READ
Crash Address: 0x90360080
Crash State:
  blink::Text::wholeText
  blink::V8Text::wholeTextAttributeGetterCallback
  v8::internal::FunctionCallbackArguments::Call
  
Sanitizer: address (ASAN)

Recommended Security Severity: Medium

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4587849021390848


Additional requirements: Requires HTTP

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by msrchandra@chromium.org, Jun 21 2017

Cc: msrchandra@chromium.org
Components: Blink>DOM
Labels: M-61 Test-Predator-Correct-CLs
Owner: brettw@chromium.org
Status: Assigned (was: Untriaged)
Assigning to concern owner from Predator results --
Regression information is not available. The result is the blame information. 

Author: brettw@google.com
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/d028296ec1c0fdfbd40e2390ca3121de7055295d
Time: Sat Jan 01 16:08:52 2011
The CL last changed line 18 of file debugger_win.cc, which is stack frame 0. 

Author: rch@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/82d89abc03ea6fd6b9258f0e57be0290b33d7eb1
Time: Fri Feb 28 18:25:34 2014
The CL last changed line 783 of file logging.cc, which is stack frame 1. 

Author: gyuyoung
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/46740f4e99de22f90302e72ca3a91730521b5827
Time: Mon Jun 05 05:29:54 2017
The CL last changed line 179 of file Text.cpp, which is stack frame 2.

@brettw -- Could you please look into the issue, kindly re-assign if this is not related to your changes.
Thank You.

Comment 2 by tkent@chromium.org, Jun 23 2017

Mergedinto: 462234
Status: Duplicate (was: Assigned)

Sign in to add a comment