
Issue 791609 link

Starred by 1 user

Issue metadata

Status: Duplicate
Merged: issue 788053
Owner:
Closed: Dec 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug




Null-dereference READ in blink::IsTabHTMLSpanElement

Project Member Reported by ClusterFuzz, Dec 4 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6599738064633856

Fuzzer: attekett_dom_fuzzer
Job Type: linux_asan_chrome_mp
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000040
Crash State:
  blink::IsTabHTMLSpanElement
  blink::ApplyStyleCommand::RemoveCSSStyle
  blink::ApplyStyleCommand::RemoveInlineStyleFromElement
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_mp&range=506675:506834

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6599738064633856

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
 
Components: Blink>CSS

Comment 2 by shend@chromium.org, Dec 4 2017

Cc: shend@chromium.org
Components: -Blink>CSS Blink>Editing
Owner: yosin@chromium.org
Status: Assigned (was: Untriaged)
Stack trace seems to all be in editing code. Assigning to yosin@ based on https://chromium.googlesource.com/chromium/src/+/52d55d36c78e4772e0e3499409dc6f6dcabde00e

Please add back Blink>CSS if this is actually a CSS issue.

Comment 3 by yosin@chromium.org, Dec 6 2017

Mergedinto: 788053
Status: Duplicate (was: Assigned)
Root cause is the same as issue 788053.
