Stack-overflow in blink::CSSPreloaderResourceClient::ScanCSS |
||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=6319273109880832 Fuzzer: inferno_layout_test_unmodified Job Type: linux_asan_chrome_mp Platform Id: linux Crash Type: Stack-overflow Crash Address: 0x7fffe896bcb8 Crash State: blink::CSSPreloaderResourceClient::ScanCSS blink::CSSPreloaderResourceClient::DataReceived blink::Resource::DidAddClient Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_mp&range=520613:520614 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6319273109880832 Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
,
Dec 1 2017
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/5887f770941260df0da1395c391db5a3bd66525f (Standardize ResourceClient data streaming callbacks on ResourceClient::DataReceived). If this is incorrect, please remove the owner and apply the Test-Predator-Wrong-CLs label.
,
Dec 3 2017
,
Dec 6 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/785c19f3bfd7d0953980e606df2514ef60ab0ef3 commit 785c19f3bfd7d0953980e606df2514ef60ab0ef3 Author: Nate Chapin <japhet@chromium.org> Date: Wed Dec 06 00:20:02 2017 Fix infinite recursion in css preload scanning A self-referencing css stylesheet can attempt to preload itself reentrantly. Ensure a HTMLResourcePreloader doesn't scan the same Resource twice. Bug: 789198 , 790940 , 790945 Change-Id: I5a5ca56e3c12978c4a8b7fcbba79ae2a772671f8 Reviewed-on: https://chromium-review.googlesource.com/804496 Reviewed-by: Charlie Harrison <csharrison@chromium.org> Reviewed-by: Hiroshige Hayashizaki <hiroshige@chromium.org> Reviewed-by: Kouhei Ueno <kouhei@chromium.org> Commit-Queue: Nate Chapin <japhet@chromium.org> Cr-Commit-Position: refs/heads/master@{#521911} [add] https://crrev.com/785c19f3bfd7d0953980e606df2514ef60ab0ef3/third_party/WebKit/LayoutTests/http/tests/preload/css-import-scan-recursive-expected.txt [add] https://crrev.com/785c19f3bfd7d0953980e606df2514ef60ab0ef3/third_party/WebKit/LayoutTests/http/tests/preload/css-import-scan-recursive.html [add] https://crrev.com/785c19f3bfd7d0953980e606df2514ef60ab0ef3/third_party/WebKit/LayoutTests/http/tests/preload/resources/css-link-recurse.css [modify] https://crrev.com/785c19f3bfd7d0953980e606df2514ef60ab0ef3/third_party/WebKit/Source/core/html/parser/HTMLDocumentParser.cpp [modify] https://crrev.com/785c19f3bfd7d0953980e606df2514ef60ab0ef3/third_party/WebKit/Source/core/html/parser/HTMLResourcePreloader.cpp [modify] https://crrev.com/785c19f3bfd7d0953980e606df2514ef60ab0ef3/third_party/WebKit/Source/core/html/parser/HTMLResourcePreloader.h
,
Dec 6 2017
ClusterFuzz has detected this issue as fixed in range 521909:521911. Detailed report: https://clusterfuzz.com/testcase?key=6319273109880832 Fuzzer: inferno_layout_test_unmodified Job Type: linux_asan_chrome_mp Platform Id: linux Crash Type: Stack-overflow Crash Address: 0x7fffe896bcb8 Crash State: blink::CSSPreloaderResourceClient::ScanCSS blink::CSSPreloaderResourceClient::DataReceived blink::Resource::DidAddClient Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_mp&range=520613:520614 Fixed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_mp&range=521909:521911 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6319273109880832 See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Dec 6 2017
ClusterFuzz testcase 6319273109880832 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue. |
||||
►
Sign in to add a comment |
||||
Comment 1 by ClusterFuzz
, Dec 1 2017Labels: Test-Predator-Auto-Components