Null-dereference READ in blink::Node::ContainsIncludingHostElements |
|||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=4982964760084480 Fuzzer: inferno_layout_test_unmodified Job Type: windows_asan_chrome_no_sandbox Platform Id: windows Crash Type: Null-dereference READ Crash Address: 0x00000008 Crash State: blink::Node::ContainsIncludingHostElements blink::ComputePositionForChildrenRemoval blink::SelectionEditor::NodeChildrenWillBeRemoved Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_no_sandbox&range=483672:483687 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4982964760084480 Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
,
Sep 19 2017
,
Sep 19 2017
Mark WontFix since I could not reproduce this with ToT. Note: Canary, 63.0.3218.0, is crashed.
,
Sep 20 2017
,
Sep 26 2017
ClusterFuzz testcase 4982964760084480 is still reproducing on tip-of-tree build (trunk). If this testcase was not reproducible locally or unworkable, ignore this notification and we will file another bug soon with hopefully a better and workable testcase. Otherwise, if this is not intended to be fixed (e.g. this is an intentional crash), please add ClusterFuzz-Ignore label to prevent future bug filing with similar crash stacktrace.
,
Oct 1 2017
Automatically applying components based on information from OWNERS files. If this seems incorrect, please apply the Test-Predator-Wrong-Components label.
,
Nov 7 2017
|
|||||||
►
Sign in to add a comment |
|||||||
Comment 1 by msrchandra@chromium.org
, Sep 15 2017Components: Blink>DOM
Labels: M-62 Test-Predator-Wrong
Owner: yosin@chromium.org
Status: Assigned (was: Untriaged)