Null-dereference READ in GetFlag
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5320345052774400

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_lsan_chrome_mp
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000010
Crash State:
  GetFlag
  IsDocumentFragment
  blink::Node::ContainsIncludingHostElements

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_lsan_chrome_mp&range=483676:483690

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5320345052774400

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Nov 24 2017
Predator provided one possible suspect:

* Implement lazy (re-)attachment of whitespace. by rune@opera.com

rune@ is not present in the owners list, hence assigning it to the reviewer hayato@. Could you please look into this issue, and kindly reassign if it has nothing to do with your changes.
Nov 27 2017
rune@, could you take a look? BTW, we might want to move WhiteSpaceAttacher to somewhere other than the Source/core/dom directory.
Nov 28 2017
This is most likely a bug in the editing code. There are a bunch of DCHECKs triggering in that area before the crash. If my CL made the fuzzer case start crashing, it's probably because it revealed an existing bug.
Dec 6 2017
Lower to Pri-3 since this is caused by unusual HTML.
Dec 14 2017
Automatically adding ccs based on suspected regression changelists:

Implement lazy (re-)attachment of whitespace. by rune@opera.com - https://chromium.googlesource.com/chromium/src/+/7c44da721a59e6aa0b9fdcddb314175cb1e0123f

If this is incorrect, please apply the Test-Predator-Wrong-CLs label.
Jan 13 2018
ClusterFuzz has detected this issue as fixed in range 528919:528920.

Detailed report: https://clusterfuzz.com/testcase?key=5320345052774400

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_lsan_chrome_mp
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000010
Crash State:
  GetFlag
  IsDocumentFragment
  blink::Node::ContainsIncludingHostElements

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_lsan_chrome_mp&range=483676:483690
Fixed: https://clusterfuzz.com/revisions?job=linux_lsan_chrome_mp&range=528919:528920

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5320345052774400

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jan 13 2018
ClusterFuzz testcase 5320345052774400 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Nov 24 2017
Labels: Test-Predator-Auto-Components