CHECK failure: start >= 0 in HTMLToken.h
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6169528471126016

Fuzzer: libFuzzer_blink_html_tokenizer_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  start >= 0 in HTMLToken.h
  blink::HTMLToken::Attribute::Range::CheckValidStart
  blink::HTMLToken::BeginAttributeName

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=515970:515991

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6169528471126016

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Nov 15 2017
Unable to provide a possible suspect using Predator, CL and Code Search. Could someone please look into the issue? Thank you.
Nov 15 2017
lfg: Would you take a look? https://chromium-review.googlesource.com/c/chromium/src/+/762016
Nov 15 2017
Nov 16 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/1cb607200f1fd926bfd70326a43406f92f39976a

commit 1cb607200f1fd926bfd70326a43406f92f39976a
Author: Lucas Furukawa Gadani <lfg@chromium.org>
Date: Thu Nov 16 20:32:12 2017

Consume last character when advancing substring in SegmentedString.

Bug: 784710
Change-Id: I74c7ae6edc0394224b997acd8d7e9fb34105aeba
Reviewed-on: https://chromium-review.googlesource.com/773202
Reviewed-by: Jeremy Roman <jbroman@chromium.org>
Reviewed-by: Kouhei Ueno <kouhei@chromium.org>
Commit-Queue: Lucas Gadani <lfg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#517171}

[modify] https://crrev.com/1cb607200f1fd926bfd70326a43406f92f39976a/third_party/WebKit/Source/platform/text/SegmentedString.cpp
[modify] https://crrev.com/1cb607200f1fd926bfd70326a43406f92f39976a/third_party/WebKit/Source/platform/text/SegmentedStringTest.cpp
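Added illustration, not Blink's code and not part of this issue or the fix above: a small C++ model of the bug class the crash state points at. A reader over several string segments reports a consumed-character count; a tokenizer records a token's base offset from that count and later records an attribute name's start as the current count minus that base. The page does not spell out the mechanism, so the model assumes that the defect is a segment switch that credits one character too few for the finished segment, and that the base offset was taken just before the switch. Under that assumption the attribute range start comes out as -1, which is exactly the condition a start >= 0 check rejects; without such a check a negative start would be used as an index into the source text. The class and function names and the two-segment input "<a " / "href>" are constructed for the example.

```cpp
// Added illustration (not Blink code): an off-by-one in a segmented reader's
// consumed-character count handing a token a negative range start, and the
// start >= 0 check that catches it.
#include <cassert>
#include <cstddef>
#include <string>
#include <utility>
#include <vector>

// Reader over several string segments that reports how many characters have
// been consumed overall; a tokenizer uses that number to record where token
// pieces such as attribute names start.
class SegmentedReader {
 public:
  SegmentedReader(std::vector<std::string> segments, bool consume_last_on_switch)
      : segments_(std::move(segments)),
        consume_last_on_switch_(consume_last_on_switch) {}

  bool IsEmpty() {
    SwitchSegmentIfExhausted();
    return seg_ >= segments_.size();
  }

  char Current() {
    SwitchSegmentIfExhausted();
    return segments_[seg_][pos_];
  }

  // "characters in finished segments + position in the current one", so a
  // wrong credit for a finished segment shows up in every later offset.
  int NumberOfCharactersConsumed() const {
    return prior_ + static_cast<int>(pos_);
  }

  void Advance() { ++pos_; }

 private:
  // Moving on to the next segment ("advancing the substring"). The switch is
  // lazy: it happens on the next read, not inside Advance().
  void SwitchSegmentIfExhausted() {
    while (seg_ < segments_.size() && pos_ >= segments_[seg_].size()) {
      int finished = static_cast<int>(segments_[seg_].size());
      prior_ += finished;
      // Modelled defect (assumption made by this example): the finished
      // segment's last character is not credited to the consumed count.
      if (!consume_last_on_switch_ && finished > 0) --prior_;
      ++seg_;
      pos_ = 0;
    }
  }

  std::vector<std::string> segments_;
  bool consume_last_on_switch_;
  size_t seg_ = 0;
  size_t pos_ = 0;
  int prior_ = 0;
};

// Attribute range as a tokenizer records it: offsets relative to the token's
// base offset. ValidStart is this model's stand-in for a CHECK(start >= 0).
struct AttributeRange {
  int start = 0;
  int end = 0;
};

bool ValidStart(const AttributeRange& r) { return r.start >= 0; }

// Drives the reader over a tag split across two segments. The base offset is
// taken when the tag name ends (still inside the first segment); the attribute
// name starts on the first character of the second segment.
AttributeRange BeginAttributeAcrossSegments(bool consume_last_on_switch) {
  // Constructed input: "<a " and "href>" arrive as two chunks.
  SegmentedReader reader({"<a ", "href>"}, consume_last_on_switch);
  for (int i = 0; i < 3; ++i) {  // consume '<', 'a', ' '
    reader.Advance();
  }
  int base_offset = reader.NumberOfCharactersConsumed();  // 3 in both variants
  AttributeRange range;
  if (!reader.IsEmpty() && reader.Current() == 'h') {  // the read switches segment
    range.start = reader.NumberOfCharactersConsumed() - base_offset;
  }
  while (!reader.IsEmpty() && reader.Current() != '=' && reader.Current() != '>') {
    reader.Advance();
  }
  range.end = reader.NumberOfCharactersConsumed() - base_offset;
  return range;
}

int main() {
  AttributeRange fixed = BeginAttributeAcrossSegments(true);
  AttributeRange buggy = BeginAttributeAcrossSegments(false);
  assert(ValidStart(fixed));   // {0, 4}: "href" relative to the tag
  assert(!ValidStart(buggy));  // {-1, 3}: the range a start >= 0 check rejects
  return 0;
}
```

Passing true to BeginAttributeAcrossSegments models the corrected reader and yields the range {0, 4} for "href"; passing false models the defect and yields {-1, 3}, which ValidStart rejects. The point to take away is that the check sits at the consumer of the offset, not in the reader, so it catches the bookkeeping error regardless of which segment boundary introduced it.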
Nov 16 2017
Nov 17 2017
ClusterFuzz has detected this issue as fixed in range 517164:517200.

Detailed report: https://clusterfuzz.com/testcase?key=6169528471126016

Fuzzer: libFuzzer_blink_html_tokenizer_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  start >= 0 in HTMLToken.h
  blink::HTMLToken::Attribute::Range::CheckValidStart
  blink::HTMLToken::BeginAttributeName

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=515970:515991
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=517164:517200

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6169528471126016

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Nov 17 2017
ClusterFuzz testcase 6169528471126016 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Nov 14 2017
Labels: Test-Predator-Auto-Components