Issue metadata
Sign in to add a comment
|
Security DCHECK failure: i < length_ in StringImpl.h |
||||||||||||||||||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=5224903761723392 Fuzzer: ifratric-browserfuzzer-v3 Job Type: windows_asan_chrome_no_sandbox Platform Id: windows Crash Type: Security DCHECK failure Crash Address: Crash State: i < length_ in StringImpl.h blink::InlineTextBox::IsLineBreak blink::InlineTextBox::IsSelected Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_no_sandbox&range=482461:482506 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5224903761723392 Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Jul 6 2017
This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it. If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jul 6 2017
,
Jul 6 2017
wangxianzhu@chromium.org, qyearsley@google.com, could you take a look to see if this is related to your latest change? Thanks!
,
Jul 6 2017
,
Jul 11 2017
wangxianzhu: could you please help triage this layout-related bug? Thanks!
,
Jul 11 2017
eae: wangxianzhu is OOO, could you please help triage? Thanks!
,
Jul 11 2017
,
Jul 11 2017
A friendly reminder that M61 branch is coming soon on 07/20! Your bug is labelled as Stable ReleaseBlock, pls make sure to land the fix ASAP to trunk. This way we branch M61 from a high quality trunk. Thank you.
,
Jul 11 2017
Is this the same issue you looked into last week szager?
,
Jul 20 2017
szager: Uh oh! This issue still open and hasn't been updated in the last 14 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers? If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one? If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jul 26 2017
ClusterFuzz has detected this issue as fixed in range 489283:489286. Detailed report: https://clusterfuzz.com/testcase?key=5224903761723392 Fuzzer: ifratric-browserfuzzer-v3 Job Type: windows_asan_chrome_no_sandbox Platform Id: windows Crash Type: Security DCHECK failure Crash Address: Crash State: i < length_ in StringImpl.h blink::InlineTextBox::IsLineBreak blink::InlineTextBox::IsSelected Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_no_sandbox&range=482461:482506 Fixed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_no_sandbox&range=489283:489286 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5224903761723392 See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Jul 26 2017
ClusterFuzz testcase 5224903761723392 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Jul 26 2017
,
Aug 1 2017
ClusterFuzz has detected this issue as fixed in range 489186:489234. Detailed report: https://clusterfuzz.com/testcase?key=5224903761723392 Fuzzer: ifratric-browserfuzzer-v3 Job Type: windows_asan_chrome_no_sandbox Platform Id: windows Crash Type: Security DCHECK failure Crash Address: Crash State: i < length_ in StringImpl.h blink::InlineTextBox::IsLineBreak blink::InlineTextBox::IsSelected Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_no_sandbox&range=482461:482506 Fixed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_no_sandbox&range=489186:489234 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5224903761723392 See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Aug 10 2017
Hi szager@ - anything in the fix range jump out at you as likely being the change that addressed this issue? If so, anything seem reasonable to merge to M61?
,
Aug 17 2017
,
Sep 15 2017
,
Sep 15 2017
This bug requires manual review: M62 has already been promoted to the beta branch, so this requires manual review Please contact the milestone owner if you have questions. Owners: amineer@(Android), cmasso@(iOS), bhthompson@(ChromeOS), abdulsyed@(Desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Sep 16 2017
,
Nov 1 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by sheriffbot@chromium.org
, Jul 6 2017