Stack-overflow in blink::TextDumper::HandleNode
Issue description
Detailed report: https://clusterfuzz.com/testcase?key=6496349947428864
Fuzzer: ochang_domfuzzer
Job Type: linux_asan_chrome_mp
Platform Id: linux
Crash Type: Stack-overflow
Crash Address: 0x7ffd4a45ac20
Crash State: blink::TextDumper::HandleNode
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_mp&range=514498:517698
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6496349947428864
Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
Dec 6 2017
Here is the change log from the CF report: https://chromium.googlesource.com/chromium/src/+log/f1d468e87426765c55bc7cd8194799e14267732d..f76165032979d28ccd077d12cae0fd0fbcd30c9e?pretty=fuller&n=10000
xiaochengh@, can you please look into this change (https://chromium.googlesource.com/chromium/src/+/6b7caf9d9a9948625b933566f9479990bb014dc2)? Thank you!
Dec 6 2017
Should be Blink>Infra since TextDumper is a testing tool.
Dec 6 2017
Wait... TextDumper is also (mis)used in business code. Adding Blink>Editing back.
Dec 7 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/582f320ff06701b3b6ede8bc4112ddac5de2d45e

commit 582f320ff06701b3b6ede8bc4112ddac5de2d45e
Author: Xiaocheng Hu <xiaochengh@chromium.org>
Date: Thu Dec 07 18:03:00 2017

Add a recursion depth limit to WebFrameContentDumper's TextDumper

When the DOM tree is very deep, TextDumper may run out of stack space due to the main recursion in its implementation. This patch adds a depth limit to the recursion to avoid that.

Bug: 792094
Change-Id: Ica139bbf73f4129d317b7ed5d1e92c0d13566cf6
Reviewed-on: https://chromium-review.googlesource.com/812118
Reviewed-by: Ian Kilpatrick <ikilpatrick@chromium.org>
Reviewed-by: Emil A Eklund <eae@chromium.org>
Commit-Queue: Xiaocheng Hu <xiaochengh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#522474}

[modify] https://crrev.com/582f320ff06701b3b6ede8bc4112ddac5de2d45e/third_party/WebKit/Source/core/exported/WebFrameContentDumper.cpp
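As an added illustration of the fix the commit above describes (this is example code, not the Chromium patch, and the page does not state the depth limit the patch chose): a recursive text dumper shaped like TextDumper::HandleNode, the unbounded form beside the depth-limited one, run over a constructed deeply nested node chain of the kind a DOM fuzzer produces. Node, Tree, kMaxDepth and the function names are this example's own.

```cpp
#include <cstddef>
#include <string>
#include <vector>

// Minimal stand-in for a DOM node: its text plus indices of its children.
struct Node {
  std::string text;
  std::vector<size_t> children;
};

// Nodes live in one vector so that building and destroying a very deep tree
// never recurses; only the dumpers below do.
using Tree = std::vector<Node>;

// Builds a chain of n nested nodes (constructed input, like a fuzzer's deep DOM).
Tree MakeDeepChain(size_t n) {
  Tree tree;
  for (size_t i = 0; i < n; ++i) {
    tree.push_back({"x", {}});
    if (i > 0) tree[i - 1].children.push_back(i);
  }
  return tree;
}

// Before: unbounded recursion. One stack frame per nesting level, so a deep
// enough tree exhausts the stack (the ASAN stack-overflow reported above).
void HandleNodeUnbounded(const Tree& tree, size_t index, std::string& out) {
  out += tree[index].text;
  for (size_t child : tree[index].children)
    HandleNodeUnbounded(tree, child, out);
}

// After: the same walk with a depth limit. The value is an assumption for this
// example; the page does not give the limit used in the Chromium patch.
constexpr size_t kMaxDepth = 1000;

void HandleNodeBounded(const Tree& tree, size_t index, size_t depth, std::string& out) {
  if (depth > kMaxDepth) return;  // stop descending instead of growing the stack
  out += tree[index].text;
  for (size_t child : tree[index].children)
    HandleNodeBounded(tree, child, depth + 1, out);
}

// Dumps the whole tree; on a chain deeper than kMaxDepth the output is truncated
// to kMaxDepth + 1 nodes (depths 0..kMaxDepth) rather than crashing.
std::string DumpTextBounded(const Tree& tree) {
  std::string out;
  if (!tree.empty()) HandleNodeBounded(tree, 0, 0, out);
  return out;
}
```

HandleNodeUnbounded is kept only for comparison on shallow input; calling it on the 100000-node chain is exactly the crash the fuzzer found.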
Dec 8 2017
ClusterFuzz has detected this issue as fixed in range 522471:522474.
Detailed report: https://clusterfuzz.com/testcase?key=6496349947428864
Fuzzer: ochang_domfuzzer
Job Type: linux_asan_chrome_mp
Platform Id: linux
Crash Type: Stack-overflow
Crash Address: 0x7ffd4a45ac20
Crash State: blink::TextDumper::HandleNode
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_mp&range=514498:517698
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_mp&range=522471:522474
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6496349947428864
See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Dec 8 2017
ClusterFuzz testcase 6496349947428864 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by kkaluri@chromium.org, Dec 6 2017
Components: Blink
Labels: M-65 Test-Predator-Wrong CF-NeedsTriage