Stack-overflow in blink::CachingWordShapeIterator::ShapeWordWithoutSpacing
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5799773289578496
Fuzzer: inferno_layout_test_unmodified
Job Type: linux_asan_chrome_mp
Platform Id: linux
Crash Type: Stack-overflow
Crash Address: 0x7fff0e3e5ff8
Crash State:
  blink::CachingWordShapeIterator::ShapeWordWithoutSpacing
  blink::CachingWordShapeIterator::ShapeWord
  blink::CachingWordShapeIterator::ShapeToEndIndex
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_mp&range=133679:133688
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5799773289578496

Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Sep 15 2017
Redo Task has been performed for a better regression range. Thank You.
Sep 19 2017
Predator and CL could not provide any possible suspects. Using Code Search for the file "CachingWordShapeIterator.cpp", assigning to the concerned owner who might be related or have worked on a similar file. Suspect CL: https://chromium.googlesource.com/chromium/src/+/2083513f84c5d1c914275031d0064875e27b28f8 bugsnash@ -- Could you please look into the issue, and kindly re-assign if this is not related to your changes. Thank You.
Sep 19 2017
Is this possibly a recursive table layout?
Sep 20 2017
The test case exponentially increases the size of the DOM. I don't know what's supposed to happen in that case. +eae who might know
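The comment above describes a test case whose DOM grows exponentially. The generator below is an added example, not the ClusterFuzz reproducer (which this page only links to) and not Chromium code: it builds markup of the same shape by duplicating the existing tree and wrapping it in a new table cell on each iteration, so the element count doubles while the nesting depth only grows linearly. The tag names and the tiny tag scanner used to measure the output are assumptions chosen for the example; whether a given engine overflows its stack on the result depends on its stack size and per-frame layout cost, which the script does not model.

```javascript
// Added example: generate a DOM whose size grows exponentially with the
// iteration count, the pattern described in comment 4 (not the original
// testcase). Output is plain HTML; write it to a file and load it to
// exercise recursive layout on a deeply nested tree.

// Wrap markup in one table/tr/td level (tag choice is an assumption).
function wrapInTableCell(inner) {
  return `<table><tr><td>${inner}</td></tr></table>`;
}

// After n iterations there are 2^n leaf spans, 3n table-related levels above
// the deepest leaf, and E(n) = 3 + 2*E(n-1) elements in total (E(0) = 1).
function buildDoublingDom(iterations) {
  let html = "<span>x</span>";
  for (let i = 0; i < iterations; i++) {
    html = wrapInTableCell(html + html);
  }
  return html;
}

// Count elements and maximum nesting depth. The scanner assumes the
// well-formed, attribute-free markup this generator emits, not arbitrary HTML.
function measureMarkup(html) {
  let elements = 0;
  let depth = 0;
  let maxDepth = 0;
  const tagRe = /<(\/?)([a-z]+)[^>]*>/g;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    if (m[1] === "/") {
      depth--;
    } else {
      elements++;
      depth++;
      if (depth > maxDepth) maxDepth = depth;
    }
  }
  return { elements, maxDepth };
}

// Stand-alone use: node gen.js 6 > nested.html
if (typeof require !== "undefined" && require.main === module) {
  const n = Number(process.argv[2] || 3);
  const html = buildDoublingDom(n);
  const stats = measureMarkup(html);
  process.stderr.write(`iterations=${n} elements=${stats.elements} maxDepth=${stats.maxDepth}\n`);
  process.stdout.write(`<!doctype html><html><body>${html}</body></html>\n`);
}
```

The measured numbers make the point of the comment concrete: element count doubles per iteration while depth adds a constant three levels, so a file of a few megabytes already carries both a very large and a very deep tree.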
Sep 21 2017
Sep 22 2017
Stack overflows due to deeply nested DOM are considered WontFix.
Comment 1 by manoranj...@chromium.org, Aug 17 2017