Crash in blink::StyleEngine::NodeWillBeRemoved
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5636957576364032

Fuzzer: marty_html_twiddler
Job Type: linux_msan_chrome
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000100000011
Crash State:
  blink::StyleEngine::NodeWillBeRemoved
  blink::ContainerNode::WillRemoveChild
  blink::ContainerNode::RemoveChild

Sanitizer: memory (MSAN)

Recommended Security Severity: Low

Regressed: https://clusterfuzz.com/revisions?job=linux_msan_chrome&range=526968:526970

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5636957576364032

Additional requirements: Requires Gestures

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Jan 5 2018
Jan 12 2018
Owning temporarily to take a look at the trace.
Jan 12 2018
Hmm, can't view the page yet. Changing the status.
Jan 12 2018
I don't think this is a security issue.
Jan 12 2018
Jan 12 2018
Looks like this fixed the crash already. The original change (which was in 526968:526970 range, as reported) was reverted at: https://chromium.googlesource.com/chromium/src/+/ce67e40512a36401cb863ff78d59f7a28c127bf3
Jan 12 2018
Jan 12 2018
As far as I searched, bug 799197, bug 799103, bug 799069, bug 799059 (this) are pointing to the same issue.
Jan 12 2018
ClusterFuzz has detected this issue as fixed in range 527016:527020.

Detailed report: https://clusterfuzz.com/testcase?key=5636957576364032

Fuzzer: marty_html_twiddler
Job Type: linux_msan_chrome
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000100000011
Crash State:
  blink::StyleEngine::NodeWillBeRemoved
  blink::ContainerNode::WillRemoveChild
  blink::ContainerNode::RemoveChild

Sanitizer: memory (MSAN)

Recommended Security Severity: Low

Regressed: https://clusterfuzz.com/revisions?job=linux_msan_chrome&range=526968:526970
Fixed: https://clusterfuzz.com/revisions?job=linux_msan_chrome&range=527016:527020

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5636957576364032

Additional requirements: Requires Gestures

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 1 by sheriffbot@chromium.org, Jan 5 2018