Null-dereference in blink::LayoutSlider::UpdateLayout |
|||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=5158532260560896 Fuzzer: inferno_layout_test_unmodified Job Type: windows_syzyasan_content_shell Platform Id: windows Crash Type: Null-dereference Crash Address: 0x00000008 Crash State: blink::LayoutSlider::UpdateLayout blink::LayoutBlockFlow::LayoutInlineChildren blink::LayoutBlockFlow::LayoutChildren Memory Tool: SYZYASAN Regressed: https://clusterfuzz.com/revisions?job=windows_syzyasan_content_shell&range=483471:483525 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5158532260560896 Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
,
Nov 22 2017
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/a171aaf13db9680bec6a33aa682bf4d54ab372d6 (Don't try to determine a float's painter again if we've already done so.). If this is incorrect, please remove the owner and apply the Test-Predator-Wrong-CLs label.
,
Nov 26 2017
How do I recreate this on Linux? An ASAN build doesn't reproduce it and syzyasan seems to be Windows only.
,
Dec 18 2017
ClusterFuzz testcase 5158532260560896 is flaky and no longer crashes, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue. |
|||
►
Sign in to add a comment |
|||
Comment 1 by ClusterFuzz
, Nov 22 2017Labels: Test-Predator-Auto-Components