Null-dereference READ in blink::LocalFrame::Client

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5028820251049984
Fuzzer: inferno_twister
Job Type: mac_asan_content_shell
Platform Id: mac
Crash Type: Null-dereference READ
Crash Address: 0x000000000048
Crash State:
  blink::LocalFrame::Client
  blink::Document::open
  blink::Document::open
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=mac_asan_content_shell&range=482161:482264
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5028820251049984
Additional requirements: Requires HTTP

Issue filed automatically.
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jul 7 2017
Jul 19 2017
It doesn't look related to Blink > DOM. As I chatted with tkent@, let me use Blink > HTML for triage.
Jul 21 2017
https://chromium.googlesource.com/chromium/src/+/a86695ba7e713a92a517631681c549f74871a747%5E%21/third_party/WebKit/Source/core/dom/Document.cpp looks suspicious.
Aug 20 2017
ClusterFuzz testcase 5028820251049984 is flaky and no longer reproduces, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by shrike@chromium.org, Jul 6 2017