Issue metadata
Sign in to add a comment
|
Bad-cast to blink::ContextLifecycleObserverblink::LifecycleNotifier<blink::ExecutionContext, blink::ContextLifecycleObserver>::NotifyContextDestroyed in blink::Document::Shutdown |
||||||||||||||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=5493104829005824 Fuzzer: j00ru_htmlcss_fuzz Job Type: linux_ubsan_vptr_chrome Platform Id: linux Crash Type: Bad-cast Crash Address: 0x3e74e16b1270 Crash State: Bad-cast to blink::ContextLifecycleObserverblink::LifecycleNotifier<blink::ExecutionContext, blink::ContextLifecycleObserver>::NotifyContextDestroyed blink::Document::Shutdown blink::FrameLoader::PrepareForCommit Sanitizer: undefined (UBSAN) Recommended Security Severity: Medium Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_chrome&range=535323:535324 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5493104829005824 Additional requirements: Requires Gestures Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
,
May 18 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||
Comment 1 by infe...@chromium.org
, Feb 8 2018