Stack-overflow in blink::Element::cloneNode
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5271464097087488
Fuzzer: inferno_layout_test_unmodified
Job Type: mac_asan_chrome
Platform Id: mac
Crash Type: Stack-overflow
Crash Address: 0x7fff52c5dff8
Crash State:
  blink::Element::cloneNode
  blink::Node::cloneNode
  blink::ContainerNode::CloneChildNodes
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=338322:338332
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5271464097087488

Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
Nov 13 2017

Predator and CL could not provide any possible suspects. Using the code search for the file “node.cpp”, assigning to the concerned owner. Suspecting Commit# https://chromium.googlesource.com/chromium/src/+/cf172439200ba4acd6ed6c8ce53c7f46b2556aaa

mstensho@ -- Could you please look into this issue? Kindly reassign if it has nothing to do with your changes. Thank you.
Nov 13 2017

That could be the CL that triggered this, but I suppose the DOM tree is really deep, so there's no actual fix for this. As long as our engine is recursive, one can always cause stack overflow by constructing an artificial test case, like this one, only even deeper. Merging into a similar WontFix bug.
Comment 1 by ClusterFuzz, Nov 10 2017

Labels: Test-Predator-Auto-Components