
Issue 819128

Issue metadata

Status: Duplicate
Merged: issue 462234
Owner: ----
Closed: Mar 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug


CHECK failure: std::numeric_limits<unsigned>::max() - data.length() >= result_length in Text.cp

Project Member Reported by ClusterFuzz, Mar 6 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5083804091023360

Fuzzer: inferno_twister
Job Type: linux_cfi_chrome
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  std::numeric_limits<unsigned>::max() - data.length() >= result_length in Text.cp
  blink::Text::wholeText
  blink::TextV8Internal::wholeTextAttributeGetter
  
Sanitizer: cfi (CFI)

Regressed: https://clusterfuzz.com/revisions?job=linux_cfi_chrome&range=504749:504764

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5083804091023360

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
 
Cc: brajkumar@chromium.org
Components: Blink
Labels: -Pri-1 M-65 Test-Predator-Wrong CF-NeedsTriage Pri-2
Unable to find actual suspect through code search and also from the provided CL under regression range, hence adding appropriate label and requesting someone from blink team to look into this issue.

Thanks!

Comment 2 by tkent@chromium.org, Mar 7 2018

Components: -Blink Blink>DOM
Mergedinto: 462234
Status: Duplicate (was: Untriaged)