Issue metadata
Sign in to add a comment
|
Security DCHECK failure: i < length_ in StringImpl.h |
||||||||||||||||||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=4734899163758592 Fuzzer: ifratric-browserfuzzer-v3 Job Type: windows_asan_chrome Platform Id: windows Crash Type: Security DCHECK failure Crash Address: Crash State: i < length_ in StringImpl.h blink::InlineTextBox::IsLineBreak blink::InlineTextBox::ContainsCaretOffset Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=windows_asan_chrome&range=482442:482493 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4734899163758592 Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
,
Jul 28 2017
This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it. If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jul 28 2017
,
Jul 29 2017
,
Jul 30 2017
yutak@ -- assigning you as the owner based on the topmost frame in the callstack. If you are not the right owner, please help find them. Thanks.
,
Aug 9 2017
Hi yutak@ - have you had a chance to take a look?
,
Aug 9 2017
[Bulk Edit] URGENT - PTAL. Your bug is labelled as M61 Stable ReleaseBlock, pls make sure to land the fix and get it merged into the release branch ASAP. Know that this issue shouldn't block the release? Remove the ReleaseBlock-Stable label. Thank you.
,
Aug 10 2017
Oh, I thought I disowned this but it seems like Monorail doesn't work correctly if I leave restrict-view page. So let me say this again: this is editing or layout issue. Wait for those teams to triage. I don't know those areas.
,
Aug 10 2017
Someone please remove me from CC list since I can't do that myself.
,
Aug 10 2017
eae@ - could you help us find an owner for this? Thanks!
,
Aug 11 2017
eae: Uh oh! This issue still open and hasn't been updated in the last 14 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers? If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one? If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Aug 11 2017
,
Aug 11 2017
r482483 https://chromium-review.googlesource.com/547541 is the only text related change in the regression range. Over to patch author.
,
Aug 11 2017
That change has now been reverted (https://chromium-review.googlesource.com/#/c/611387/). Is it correct to mark this as fixed now?
,
Aug 12 2017
Please wait on ClusterFuzz to auto-verify and then it will close bug automatically.
,
Aug 12 2017
ClusterFuzz has detected this issue as fixed in range 493793:493842. Detailed report: https://clusterfuzz.com/testcase?key=4734899163758592 Fuzzer: ifratric-browserfuzzer-v3 Job Type: windows_asan_chrome Platform Id: windows Crash Type: Security DCHECK failure Crash Address: Crash State: i < length_ in StringImpl.h blink::InlineTextBox::IsLineBreak blink::InlineTextBox::ContainsCaretOffset Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=windows_asan_chrome&range=482442:482493 Fixed: https://clusterfuzz.com/revisions?job=windows_asan_chrome&range=493793:493842 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4734899163758592 See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Aug 12 2017
ClusterFuzz testcase 4734899163758592 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Aug 12 2017
,
Aug 14 2017
,
Aug 14 2017
This bug requires manual review: M61 has already been promoted to the beta branch, so this requires manual review Please contact the milestone owner if you have questions. Owners: amineer@(Android), cmasso@(iOS), ketakid@(ChromeOS), govind@(Desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Aug 14 2017
+awhalley@ for M61 merge review.
,
Aug 14 2017
govind@ - good for 61
,
Aug 14 2017
Approving merge to M61 branch 3163 based on comment #22. Please merge ASAP so we can take it in for this week Beta release. Thank you.
,
Aug 14 2017
Merge commit was: https://chromium.googlesource.com/chromium/src.git/+/f83b3fa59417998a87c4ea62cda4b893de690532
,
Aug 14 2017
Thanks!
,
Nov 18 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by sheriffbot@chromium.org
, Jul 28 2017