New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 787791 link

Starred by 1 user
Status: Verified
Owner:
rakina@chromium.org
Closed: Dec 2017
Cc:
kochi@chromium.org
kkaluri@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 3
Type: Bug



Sign in to add a comment

Null-dereference in blink::Element::SynchronizeAttribute

Project Member Reported by ClusterFuzz, Nov 22 2017 
Detailed report: https://clusterfuzz.com/testcase?key=6696521495216128

Fuzzer: inferno_twister
Job Type: windows_syzyasan_chrome
Platform Id: windows

Crash Type: Null-dereference
Crash Address: 0x0000002f
Crash State:
  blink::Element::SynchronizeAttribute
  blink::Element::setAttribute
  blink::Element::SetIntegralAttribute
  
Memory Tool: SYZYASAN

Regressed: https://clusterfuzz.com/revisions?job=windows_syzyasan_chrome&range=483256:483281

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6696521495216128

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Project Member

Comment 1 by ClusterFuzz, Nov 22 2017

Components: Blink>DOM
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Comment 2 by kkaluri@chromium.org, Nov 23 2017

Cc: kkaluri@chromium.org
Labels: M-63 Test-Predator-Wrong
Unable to provide possible suspect using Predator, CL and Code Search.
Could someone please look into the issue.

Thank You...

Comment 3 by kkaluri@chromium.org, Nov 23 2017

Labels: CF-NeedsTriage

Comment 4 by kochi@chromium.org, Nov 27 2017

Cc: kochi@chromium.org
Labels: -Pri-1 Pri-2
Owner: rakina@chromium.org
Status: Assigned (was: Untriaged)
Hmm, it looks identical to  issue 765940  which was automatically
closed by clusterfuzz.  So probably the test itself is flaky.

Rakina, if this is reproducing, could you work on this?

Comment 5 by rakina@chromium.org, Nov 27 2017

Labels: -Pri-2 Pri-3
Changed to Pri-3 because this is related to DOM Mutation events.
Project Member

Comment 6 by ClusterFuzz, Dec 6 2017 

ClusterFuzz has detected this issue as fixed in range 521421:521451.

Detailed report: https://clusterfuzz.com/testcase?key=6696521495216128

Fuzzer: inferno_twister
Job Type: windows_asan_chrome
Platform Id: windows

Crash Type: Null-dereference
Crash Address: 0x0000002f
Crash State:
  blink::Element::SynchronizeAttribute
  blink::Element::setAttribute
  blink::Element::SetIntegralAttribute
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=windows_asan_chrome&range=483256:483281
Fixed: https://clusterfuzz.com/revisions?job=windows_asan_chrome&range=521421:521451

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6696521495216128

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 7 by ClusterFuzz, Dec 6 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 6696521495216128 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Sign in to add a comment