CHECK failure: !node || IsElementOfType<const T>(*node) in Element.h |
|||||||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=5454883787636736 Fuzzer: inferno_twister Job Type: windows_asan_content_shell Platform Id: windows Crash Type: CHECK failure Crash Address: Crash State: !node || IsElementOfType<const T>(*node) in Element.h blink::HTMLDetailsElement::FindMainSummary blink::HTMLSummaryElement::IsMainSummary Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=windows_asan_content_shell&range=471126:471172 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5454883787636736 Additional requirements: Requires Gestures Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
,
Sep 26 2017
Test Predator has given the following results: Remove non-target version of copyVideoTextureToPlatformTexture by jiajia.qin@intel.com Changed files HTMLVideoElement.cpp, HTMLVideoElement.h, with the same CrashedDirectory(third_party/WebKit/Source/core/html) as HTMLDetailsElement.cpp (in frame#2), HTMLSummaryElement.cpp (in frame#3) Changed files HTMLVideoElement.cpp, HTMLVideoElement.h, with the same CrashedComponent(Blink>HTML) as DetailsMarkerControl.cpp (in frame#4), HTMLDetailsElement.cpp (in frame#2), HTMLSummaryElement.cpp (in frame#3) Assigning this issue to @zmo as author for this commit is from Intel. @zmo -- Could you please look into this issue, kindly reassign if it has nothing to do with your changes. Thank You.
,
Sep 26 2017
,
Sep 26 2017
The automated analysis must be wrong. This Clusterfuzz test case uses a bunch of invalid HTML involving Shadow DOM and SVG filter effects; it doesn't use video. Unassigning Mo and adding a couple of probably-related components.
,
Sep 26 2017
,
Oct 1 2017
Automatically applying components based on information from OWNERS files. If this seems incorrect, please apply the Test-Predator-Wrong-Components label.
,
Oct 2 2017
,
Oct 2 2017
Confirmed it crashes in content_shell Debug without Asan or any gesture. But it's all shadow DOM stack.
,
Oct 3 2017
Predator and CL could not provide any possible suspects. Using the code search for the file, “Element.h” assigning to concern owner from GIT blame. Suspecting Commit# https://chromium.googlesource.com/chromium/src/+/bc7fac71c125e9c34e2079222816291bbbb10712 @hayato -- Could you please look into this issue as tkent@ is OOO, kindly reassign if it has nothing to do with this changes. Thank You.
,
Oct 3 2017
,
Oct 20 2017
ClusterFuzz has detected this issue as fixed in range 510178:510268. Detailed report: https://clusterfuzz.com/testcase?key=5454883787636736 Fuzzer: inferno_twister Job Type: windows_asan_content_shell Platform Id: windows Crash Type: CHECK failure Crash Address: Crash State: !node || IsElementOfType<const T>(*node) in Element.h blink::HTMLDetailsElement::FindMainSummary blink::HTMLSummaryElement::IsMainSummary Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=windows_asan_content_shell&range=471126:471172 Fixed: https://clusterfuzz.com/revisions?job=windows_asan_content_shell&range=510178:510268 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5454883787636736 Additional requirements: Requires Gestures See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Nov 7 2017
|
|||||||||||
►
Sign in to add a comment |
|||||||||||
Comment 1 by ClusterFuzz
, Sep 23 2017