Stack-overflow in blink::SelectorChecker::MatchSelector |
|||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=4859105121665024 Fuzzer: inferno_twister Job Type: mac_asan_chrome Platform Id: mac Crash Type: Stack-overflow Crash Address: 0x7fff503cbf28 Crash State: blink::SelectorChecker::MatchSelector Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=364779:365132 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4859105121665024 Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
,
Aug 17 2017
Stack-overflow, Out of memory and Timeout issues are 'P2'.
,
Sep 15 2017
Redo Task has been performed for a regression range as the suspects found were very old. Thank You.
,
Sep 19 2017
Predator and CL could not provide any possible suspects. Using Code Search for the file, "SelectorChecker.cpp" assigning to the concern owner who might be related or worked on similar file. Suspect CL: https://chromium.googlesource.com/chromium/src/+/1d3612d83a41151d7e9035b26d084af7fa363f54 rune@ -- Could you please look into the issue, kindly re-assign if this is not related to your changes. Thank You.
,
Sep 19 2017
Stack overflow in recursive algorithm for selectors matching. Didn't crash in a normal content_shell build on Linux for me, but increasing the size of the for-loop creating the selector did.
,
Sep 26 2017
ClusterFuzz testcase 4859105121665024 is still reproducing on tip-of-tree build (trunk). If this testcase was not reproducible locally or unworkable, ignore this notification and we will file another bug soon with hopefully a better and workable testcase. Otherwise, if this is not intended to be fixed (e.g. this is an intentional crash), please add ClusterFuzz-Ignore label to prevent future bug filing with similar crash stacktrace.
,
Sep 26 2017
|
|||||||
►
Sign in to add a comment |
|||||||
Comment 1 by ClusterFuzz
, Jul 16 2017