Null-dereference READ in blink::CSSToLengthConversionData::FontSizes::Ex
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6068865250623488

Fuzzer: ochang_domfuzzer
Job Type: windows_asan_content_shell
Platform Id: windows

Crash Type: Null-dereference READ
Crash Address: 0x00000014
Crash State:
  blink::CSSToLengthConversionData::FontSizes::Ex
  blink::CSSToLengthConversionData::ZoomedComputedPixels
  blink::CSSPrimitiveValue::ComputeLengthDouble

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=windows_asan_content_shell&range=491007:491035

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6068865250623488

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Oct 8 2017
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/77b3367ad5640838255d942a529ae48e6f67a389 (Adds text rendering support for OffscreenCanvas). If this is incorrect, please remove the owner and apply the Test-Predator-Wrong-CLs label.
Oct 9 2017
Oct 11 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/ae00821794fdd9f8d7c243a00277b1d6a7f061b5

commit ae00821794fdd9f8d7c243a00277b1d6a7f061b5
Author: Fernando Serboncini <fserb@chromium.org>
Date: Wed Oct 11 19:19:30 2017

FontStyleResolver's font needs FontFallback for relative size

We now update the font before using it for CSSToLengthConversionData.

Bug: 772733
Change-Id: Ib0728238569daf9b0c86d06db0e8431c13359e4a
Reviewed-on: https://chromium-review.googlesource.com/713235
Reviewed-by: Justin Novosad <junov@chromium.org>
Commit-Queue: Fernando Serboncini <fserb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#508058}

[modify] https://crrev.com/ae00821794fdd9f8d7c243a00277b1d6a7f061b5/third_party/WebKit/Source/core/css/resolver/FontStyleResolver.cpp
[modify] https://crrev.com/ae00821794fdd9f8d7c243a00277b1d6a7f061b5/third_party/WebKit/Source/core/css/resolver/FontStyleResolver.h
[modify] https://crrev.com/ae00821794fdd9f8d7c243a00277b1d6a7f061b5/third_party/WebKit/Source/core/css/resolver/FontStyleResolverTest.cpp
[modify] https://crrev.com/ae00821794fdd9f8d7c243a00277b1d6a7f061b5/third_party/WebKit/Source/core/css/threaded/FontObjectThreadedTest.cpp
[modify] https://crrev.com/ae00821794fdd9f8d7c243a00277b1d6a7f061b5/third_party/WebKit/Source/modules/offscreencanvas2d/OffscreenCanvasRenderingContext2D.cpp
Oct 12 2017
ClusterFuzz has detected this issue as fixed in range 508051:508100.

Detailed report: https://clusterfuzz.com/testcase?key=6068865250623488

Fuzzer: ochang_domfuzzer
Job Type: windows_asan_content_shell
Platform Id: windows

Crash Type: Null-dereference READ
Crash Address: 0x00000014
Crash State:
  blink::CSSToLengthConversionData::FontSizes::Ex
  blink::CSSToLengthConversionData::ZoomedComputedPixels
  blink::CSSPrimitiveValue::ComputeLengthDouble

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=windows_asan_content_shell&range=491007:491035
Fixed: https://clusterfuzz.com/revisions?job=windows_asan_content_shell&range=508051:508100

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6068865250623488

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Oct 12 2017
ClusterFuzz testcase 6068865250623488 is verified as fixed, so closing issue as verified. If this is incorrect, please add the ClusterFuzz-Wrong label and re-open the issue.
Nov 7 2017

Nov 7 2017

Comment 1 by ClusterFuzz, Oct 8 2017
Labels: Test-Predator-AutoComponents