Stack-overflow in blink::ContainerNode::RebuildLayoutTreeForChild |
|||||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=6174925911228416 Fuzzer: inferno_layout_test_unmodified Job Type: mac_asan_chrome Platform Id: mac Crash Type: Stack-overflow Crash Address: 0x7fff5f305ec0 Crash State: blink::ContainerNode::RebuildLayoutTreeForChild blink::ContainerNode::RebuildChildrenLayoutTrees blink::Element::RebuildLayoutTree Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=506962:506988 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6174925911228416 Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
,
Oct 10 2017
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/5e3bb825f3c234f406e04e22893dbd880898137d (Move HTMLOpt*.* and HTMLSelectElement*.* to core/html/forms/.). If this is incorrect, please remove the owner and apply the Test-Predator-Wrong-CLs label.
,
Oct 10 2017
The suspected CL has no behavior change.
,
Oct 10 2017
,
Oct 11 2017
Predator and CL could not provide any possible suspects. Using the code search for the file, “ContainerNode.cpp” assigning to concern owner from GIT blame. Suspecting Commit# https://chromium.googlesource.com/chromium/src/+/05ad40ab431fd9ebd2b95c5f059eff5e629361fe rune@ -- Could you please look into this issue, kindly reassign if it has nothing to do with your changes. Thank You.
,
Oct 11 2017
,
Oct 12 2017
Test creating deep DOM tree which will eventually crash on stack overflow in recursive methods.
,
Nov 7 2017
,
Nov 7 2017
|
|||||||||
►
Sign in to add a comment |
|||||||||
Comment 1 by ClusterFuzz
, Oct 10 2017Labels: Test-Predator-AutoComponents