Null-dereference READ in blink::StyleEngine::EnsureUAStyleForFullscreen |
|||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=5346523792801792 Fuzzer: inferno_layout_test_unmodified Job Type: mac_asan_content_shell Platform Id: mac Crash Type: Null-dereference READ Crash Address: 0x0000000000b0 Crash State: blink::StyleEngine::EnsureUAStyleForFullscreen blink::Element::SetContainsFullScreenElementOnAncestorsCrossingFrameBoundaries blink::Element::InsertedInto Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=mac_asan_content_shell&range=495832:495833 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5346523792801792 Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
,
Oct 17 2017
Assigning to style TL as per triage process.
,
Oct 17 2017
The crash happens in StyleEngine which is Blink>CSS, but it could be something further up the call stack. Removing the Blink>DOM for now.
,
Oct 17 2017
,
Oct 21 2017
,
Nov 7 2017
,
Nov 18 2017
ClusterFuzz has detected this issue as fixed in range 514498:517702. Detailed report: https://clusterfuzz.com/testcase?key=5346523792801792 Fuzzer: inferno_layout_test_unmodified Job Type: mac_asan_content_shell Platform Id: mac Crash Type: Null-dereference READ Crash Address: 0x0000000000b0 Crash State: blink::StyleEngine::EnsureUAStyleForFullscreen blink::Element::SetContainsFullScreenElementOnAncestorsCrossingFrameBoundaries blink::Element::InsertedInto Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=mac_asan_content_shell&range=495832:495833 Fixed: https://clusterfuzz.com/revisions?job=mac_asan_content_shell&range=514498:517702 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5346523792801792 See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Nov 19 2017
ClusterFuzz has detected this issue as fixed in range 514498:517702. Detailed report: https://clusterfuzz.com/testcase?key=5346523792801792 Fuzzer: inferno_layout_test_unmodified Job Type: mac_asan_content_shell Platform Id: mac Crash Type: Null-dereference READ Crash Address: 0x0000000000b0 Crash State: blink::StyleEngine::EnsureUAStyleForFullscreen blink::Element::SetContainsFullScreenElementOnAncestorsCrossingFrameBoundaries blink::Element::InsertedInto Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=mac_asan_content_shell&range=495832:495833 Fixed: https://clusterfuzz.com/revisions?job=mac_asan_content_shell&range=514498:517702 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5346523792801792 See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Nov 19 2017
ClusterFuzz testcase 5346523792801792 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue. |
|||||||
►
Sign in to add a comment |
|||||||
Comment 1 by ClusterFuzz
, Oct 17 2017Labels: Test-Predator-AutoComponents