ComputeInlineBoxPosition causes infinite recursive call |
|||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=5034107787804672 Fuzzer: bj_broddelwerk Job Type: linux_asan_content_shell_drt Platform Id: linux Crash Type: Stack-overflow Crash Address: 0x7fff2151dfb8 Crash State: blink::InlineBoxPosition blink::ComputeInlineBoxPositionTemplate<blink::EditingA Sanitizer: address (ASAN) Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5034107787804672 Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
,
Oct 3 2017
ComputeInlineBoxPosition causes infinite recursive call with unusual HTML. DOM Tree dump at crash BODY SE TABLE class="CLASS8 CLASS4" (editable) (focused) #text "\n" CAPTION (editable) #text "\n" svg (editable) #text "\n" use (editable) #shadow-root #text "\n" animateTransform (editable) #text "\n" desc< (editable) #text "\n" svg (editable) #text "\n" g (editable) #text "\n" g (editable) #text "\n" html< (editable) #text "\n" #text "\n" foreignObject class="CLASS4 CLASS1" (editable) #text "\n" FOREIGNOBJECT class="CLASS0" (editable) #text "\n" DEFS (editable) #text "\n" #text "u))(~WWWW]z<nd!!!!v555555mmmmmmm" #text "\n" CLIPPATH (editable) #text "\n" USE (editable) #text "\n" ANIMATE (editable) #text "\n" TITLE (editable) #text "\n" #text "\n" METADATA (editable) #text "\n" DESC class="CLASS13" (editable) #text "\n" G class="CLASS8 CLASS6" (editable) #text "\n" B (editable) #text "\n" svg (editable) #text "\n" button (editable) #text "\n" DIV class="CLASS4" (editable) #text "\n" FORM class="CLASS6" (editable) #text "\n" INPUT (editable) #shadow-root DIV id="inner-editor" #text "\n" TABLE class="CLASS8 CLASS4" #text "\n" CAPTION #text "\n" svg #text "\n" use #shadow-root #text "\n" animateTransform #text "\n" desc< #text "\n" svg #text "\n" g #text "\n" g #text "\n" html< #text "\n" #text "\n" foreignObject class="CLASS4 CLASS1" #text "\n" FOREIGNOBJECT class="CLASS0" #text "\n" DEFS #text "\n" #text "\n" CLIPPATH #text "\n" USE #text "\n" ANIMATE #text "\n" TITLE #text "\n" #text "\n" METADATA #text "\n" DESC class="CLASS13" #text "\n" G class="CLASS8 CLASS6" #text "\n" B #text "\n" svg #text "\n" button #text "\n" DIV class="CLASS4" #text "\n" FORM class="CLASS6" #text "\n" INPUT #shadow-root DIV id="inner-editor" #text "\n" start: offsetInAnchor[0] end: offsetInAnchor[0]
,
Nov 21 2017
ClusterFuzz has detected this issue as fixed in range 517712:517848. Detailed report: https://clusterfuzz.com/testcase?key=5034107787804672 Fuzzer: bj_broddelwerk Job Type: linux_asan_content_shell_drt Platform Id: linux Crash Type: Stack-overflow Crash Address: 0x7fff2151dfb8 Crash State: blink::InlineBoxPosition blink::ComputeInlineBoxPositionTemplate<blink::EditingA Sanitizer: address (ASAN) Fixed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=517712:517848 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5034107787804672 See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Nov 21 2017
ClusterFuzz testcase 5034107787804672 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue. |
|||
►
Sign in to add a comment |
|||
Comment 1 by pnangunoori@chromium.org
, Oct 3 2017Labels: M-62 Test-Predator-Wrong
Owner: yosin@chromium.org
Status: Assigned (was: Untriaged)