Null-dereference READ in blink::StyleEngine::EnsureUAStyleForFullscreen |
|||||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=6030687152111616 Fuzzer: inferno_twister Job Type: linux_asan_content_shell_drt Platform Id: linux Crash Type: Null-dereference READ Crash Address: 0x0000000000b0 Crash State: blink::StyleEngine::EnsureUAStyleForFullscreen blink::Element::SetContainsFullScreenElementOnAncestorsCrossingFrameBoundaries blink::Element::InsertedInto Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=495320:495357 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6030687152111616 Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
,
Oct 9 2017
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/6be43e7f8e0806cf773ffdd1adb91811740c9ed3 (Compute touch-action for replaced canvas). If this is incorrect, please remove the owner and apply the Test-Predator-Wrong-CLs label.
,
Oct 9 2017
,
Oct 10 2017
Sounds more like a fullscreen issue, rather than generic DOM issue.
,
Oct 10 2017
The test case (both minimized and regular) keeps reloading the window and I cannot reproduce the null dereference on my local machine. It also makes no difference reverting the suspected patch. I make the test rerun the minimized test case and blame. It might have something to do with iframes since the cl changes logic of propagating styles across frames.
,
Oct 10 2017
The new suspected cl points to https://chromium.googlesource.com/chromium/src/+/5d8010e1fc081481d0646618e700b51a4699ab4c While I'm not sure whether the bisect is correct or not, we need to a fullscreen expert to provide some insight on this. iclelland@, please take a look at this issue and re-assign if it is not related to your change.
,
Oct 15 2017
ClusterFuzz has detected this issue as fixed in range 508937:508940. Detailed report: https://clusterfuzz.com/testcase?key=6030687152111616 Fuzzer: inferno_twister Job Type: linux_asan_content_shell_drt Platform Id: linux Crash Type: Null-dereference READ Crash Address: 0x0000000000b0 Crash State: blink::StyleEngine::EnsureUAStyleForFullscreen blink::Element::SetContainsFullScreenElementOnAncestorsCrossingFrameBoundaries blink::Element::InsertedInto Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=495320:495357 Fixed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=508937:508940 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6030687152111616 See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Oct 15 2017
ClusterFuzz testcase 6030687152111616 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Nov 7 2017
,
Nov 7 2017
|
|||||||||
►
Sign in to add a comment |
|||||||||
Comment 1 by ClusterFuzz
, Oct 9 2017Labels: Test-Predator-AutoComponents