Detailed report: https://clusterfuzz.com/testcase?key=4544583173406720
Fuzzer: dstockwell-css-fuzzer
Job Type: linux_asan_content_shell_drt
Platform Id: linux
Crash Type: Null-dereference READ
Crash Address: 0x000000000034
Crash State:
blink::RootInlineBox::AscentAndDescentForBox
blink::InlineFlowBox::ComputeLogicalBoxHeights
blink::InlineFlowBox::ComputeLogicalBoxHeights
Sanitizer: address (ASAN)
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4544583173406720
Note: This crash might not be reproducible with the provided testcase. That said, for the past 14 days we've been seeing this crash frequently. If you are unable to reproduce this, please try a speculative fix based on the crash stacktrace in the report. The fix can be verified by looking at the crash statistics in the report, a day after the fix is deployed. If the fix resolved the issue, please close the bug by marking as Fixed.
Issue filed automatically.
See https://github.com/google/clusterfuzz-tools for more information.
Comment 1 by dtapu...@chromium.org
, Aug 21 2017