New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 772987 link

Starred by 1 user
Status: WontFix
Owner:
r...@opera.com
NOT IN USE
Closed: Oct 2017
Cc:
kkaluri@chromium.org
nainar@chromium.org
style-bugs@google.com
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 2
Type: Bug



Sign in to add a comment

Stack-overflow in blink::ContainerNode::RebuildLayoutTreeForChild

Project Member Reported by ClusterFuzz, Oct 9 2017 
Detailed report: https://clusterfuzz.com/testcase?key=6174925911228416

Fuzzer: inferno_layout_test_unmodified
Job Type: mac_asan_chrome
Platform Id: mac

Crash Type: Stack-overflow
Crash Address: 0x7fff5f305ec0
Crash State:
  blink::ContainerNode::RebuildLayoutTreeForChild
  blink::ContainerNode::RebuildChildrenLayoutTrees
  blink::Element::RebuildLayoutTree
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=506962:506988

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6174925911228416

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Project Member

Comment 1 by ClusterFuzz, Oct 10 2017

Components: Blink>DOM
Labels: Test-Predator-AutoComponents
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Project Member

Comment 2 by ClusterFuzz, Oct 10 2017

Labels: Test-Predator-AutoOwner
Owner: tkent@chromium.org
Status: Assigned (was: Untriaged)
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/5e3bb825f3c234f406e04e22893dbd880898137d (Move HTMLOpt*.* and HTMLSelectElement*.* to core/html/forms/.).

If this is incorrect, please remove the owner and apply the Test-Predator-Wrong-CLs label.

Comment 3 by tkent@chromium.org, Oct 10 2017

Components: -Blink>DOM Blink>CSS Blink>Layout
Owner: ----
Status: Untriaged (was: Assigned)
The suspected CL has no behavior change.

Comment 4 by nainar@chromium.org, Oct 10 2017

Cc: nainar@chromium.org

Comment 5 by kkaluri@chromium.org, Oct 11 2017

Cc: kkaluri@chromium.org
Labels: -Pri-1 Test-Predator-Wrong-CLs Pri-2
Owner: r...@opera.com
Status: Assigned (was: Untriaged)
Predator and CL could not provide any possible suspects.

Using the code search for the file, “ContainerNode.cpp” assigning to concern owner from GIT blame.
Suspecting Commit# https://chromium.googlesource.com/chromium/src/+/05ad40ab431fd9ebd2b95c5f059eff5e629361fe

rune@ -- Could you please look into this issue, kindly reassign if it has nothing to do with your changes.


Thank You.

Comment 6 by dstockwell@google.com, Oct 11 2017

Labels: Update-Weekly

Comment 7 by r...@opera.com, Oct 12 2017

Labels: ClusterFuzz-Ignore
Status: WontFix (was: Assigned)
Test creating deep DOM tree which will eventually crash on stack overflow in recursive methods.

Comment 8 by mbarbe...@chromium.org, Nov 7 2017

Labels: -Test-Predator-AutoComponents Test-Predator-Auto-Components

Comment 9 by mbarbe...@chromium.org, Nov 7 2017

Labels: -Test-Predator-AutoOwner Test-Predator-Auto-Owner

Sign in to add a comment