Issue 810876

Issue metadata

Status: WontFix
Owner: ----
Closed: Aug 20
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Android , iOS
Pri: 2
Type: Bug




Abrt in blink::InlineTextBoxPainter::Paint

Project Member Reported by ClusterFuzz, Feb 9 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6649555911966720

Fuzzer: inferno_twister
Job Type: linux_msan_content_shell_drt
Platform Id: linux

Crash Type: Abrt
Crash Address: 0x03e900000001
Crash State:
  blink::InlineTextBoxPainter::Paint
  blink::InlineTextBox::Paint
  blink::InlineFlowBoxPainter::Paint
  
Sanitizer: memory (MSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_msan_content_shell_drt&range=535606:535607

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6649555911966720

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
 
Project Member

Comment 1 by ClusterFuzz, Feb 9 2018

Components: Blink>Layout Blink>Paint
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Project Member

Comment 2 by ClusterFuzz, Feb 9 2018

Labels: Test-Predator-Auto-Owner
Owner: chrishtr@chromium.org
Status: Assigned (was: Untriaged)
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/3ee8649cef061b5016288b3f49f6e72288caf582 (Revert "Revert "Work around bug leading to out of range check when transforming first-line text."").

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Owner: schenney@chromium.org

Comment 4 by e...@chromium.org, Feb 13 2018

Cc: chrishtr@chromium.org
r535607 "Revert "Revert "Work around bug leading to out of range check when transforming first-line text.""" is the only change in the regression range.

Comment 5 by e...@chromium.org, Feb 26 2018

Cc: szager@chromium.org
This appears to hit an assert in InlineTextBoxPainter::Paint

// TODO(szager): Figure out why this CHECK sometimes fails, it shouldn't.
CHECK(inline_text_box_.Start() + length <= first_line_string.length());

Given the TODO and the fact that it's a known problem and not a regression I'd argue this shouldn't be a P1 but I'll leave that decision to schenney. 
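The CHECK quoted in the previous comment compares a text box's (start, length) pair against the length of the string it is about to paint from. As an added illustration (this is not Blink code, and not a diagnosis of this bug, which the thread says was never tracked down), the stand-alone C++ below shows one way such a check can trip: a run sized against a text-transformed first-line string whose length differs from the string the painter is later handed, plus a clamping alternative to aborting. UppercaseTransform, TextRun, RunInBounds and ClampRun are hypothetical names; the sample strings are constructed.

```cpp
#include <algorithm>
#include <cstddef>
#include <string>

// Constructed illustration, not Blink code. std::u32string is used so that
// length() counts code points; Blink's String counts UTF-16 units, but the
// bounds arithmetic is the same.

// Hypothetical text-transform: uppercase that maps U+00DF (sharp s) to "SS",
// so the transformed string can be longer than its source.
std::u32string UppercaseTransform(const std::u32string& text) {
  std::u32string out;
  for (char32_t c : text) {
    if (c == U'\u00DF') {
      out += U"SS";
    } else if (c >= U'a' && c <= U'z') {
      out += static_cast<char32_t>(c - U'a' + U'A');
    } else {
      out += c;
    }
  }
  return out;
}

// Hypothetical stand-in for the (start, length) pair an inline text box carries.
struct TextRun {
  size_t start;
  size_t length;
};

// The condition the quoted CHECK enforces: the run must lie inside the string
// it is painted from. Written with a subtraction rather than start + length so
// that an oversized run cannot wrap around and pass by accident.
bool RunInBounds(const TextRun& run, const std::u32string& first_line_string) {
  const size_t len = first_line_string.length();
  return run.start <= len && run.length <= len - run.start;
}

// Defensive alternative to aborting: truncate the run to what the string
// actually holds. Returns how many code points were dropped so the caller
// can log or DCHECK on a mismatch without crashing the renderer.
size_t ClampRun(TextRun& run, const std::u32string& first_line_string) {
  const size_t len = first_line_string.length();
  const size_t available = len > run.start ? len - run.start : 0;
  const size_t dropped = run.length > available ? run.length - available : 0;
  run.length = std::min(run.length, available);
  return dropped;
}

// Scenario: the run is sized against the transformed text but the painter is
// handed the untransformed text, whose length differs. The same run passes the
// check against one string and fails it against the other.
bool MismatchedLengthsTripTheCheck() {
  const std::u32string source = U"stra\u00DFe";                    // 6 code points
  const std::u32string transformed = UppercaseTransform(source);   // "STRASSE", 7
  TextRun run{0, transformed.length()};
  return RunInBounds(run, transformed) && !RunInBounds(run, source);
}
```

Whichever string the box was laid out against, the run offsets and the painted string have to come from the same transform pass; a CHECK turns the mismatch into a reproducible renderer abort (the Abrt ClusterFuzz reports here), whereas clamping keeps painting and surfaces the discrepancy through the returned count instead.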
Labels: -Pri-1 Pri-2
Owner: ----
Status: Available (was: Assigned)
Yep, we've known about this for ages and not tracked it down. So not P1.
Project Member

Comment 7 by ClusterFuzz, Mar 30 2018

Labels: OS-Android
Project Member

Comment 8 by ClusterFuzz, Aug 20

ClusterFuzz testcase 6649555911966720 is associated with an obsolete fuzzer and can no longer be processed. Please close the issue if it is no longer actionable.
Project Member

Comment 21 by ClusterFuzz, Aug 20

ClusterFuzz testcase 6649555911966720 is associated with an obsolete fuzzer and can no longer be processed. Please close the issue if it is no longer actionable.
Labels: OS-iOS
Status: WontFix (was: Available)