Null-dereference READ in blink::ShapeResult::CreateForTabulationCharacters
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5246233363611648

Fuzzer: inferno_twister_c
Job Type: linux_tsan_chrome_mp
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000128
Crash State:
  blink::ShapeResult::CreateForTabulationCharacters
  blink::CachingWordShapeIterator::NextForAllowTabs
  blink::CachingWordShapeIterator::Next

Sanitizer: thread (TSAN)

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5246233363611648

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Feb 5 2018
Predator and CL could not provide any possible suspects. Observed that recent changes were made by drott@ to the files CachingWordShapeIterator.h and SimpleFontData.h.

drott@ -- Could you please look into the issue? Kindly re-assign if this is not related to your changes. Thank you.
Feb 5 2018
Feb 6 2018
Feb 9 2018
Issue 810653 has been merged into this issue.
Feb 13 2018
ClusterFuzz testcase 4803755498012672 is still reproducing on tip-of-tree build (trunk). If this testcase was not reproducible locally or unworkable, ignore this notification and we will file another bug soon with hopefully a better and workable testcase. Otherwise, if this is not intended to be fixed (e.g. this is an intentional crash), please add ClusterFuzz-Ignore label to prevent future bug filing with similar crash stacktrace.
Feb 14 2018
Any ideas here, Koji?
Feb 15 2018
It looks like PrimaryFont() is nullptr.
Feb 21 2018
Issue 814017 has been merged into this issue.
Mar 5 2018
Mar 5 2018
Automatically applying components based on crash stacktrace and information from OWNERS files. If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Comment 1 by ClusterFuzz, Feb 3 2018