Issue 819128 link

Starred by 1 user

Issue metadata

Status:	Duplicate
Merged:	issue 462234
Owner:	----
Closed:	Mar 2018
Cc:	█ brajkumar@chromium.org
Components:	Blink>DOM
EstimatedDays:	----
NextAction:	----
OS:	Linux
Pri:	2
Type:	Bug
Stability-Crash Reproducible Clusterfuzz Test-Predator-Wrong M-65 CF-NeedsTriage

CHECK failure: std::numeric_limits<unsigned>::max() - data.length() >= result_length in Text.cp

Project Member Reported by ClusterFuzz, Mar 6 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5083804091023360

Fuzzer: inferno_twister
Job Type: linux_cfi_chrome
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  std::numeric_limits<unsigned>::max() - data.length() >= result_length in Text.cp
  blink::Text::wholeText
  blink::TextV8Internal::wholeTextAttributeGetter
  
Sanitizer: cfi (CFI)

Regressed: https://clusterfuzz.com/revisions?job=linux_cfi_chrome&range=504749:504764

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5083804091023360

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.

Comment 1 by brajkumar@chromium.org, Mar 7 2018

Cc: brajkumar@chromium.org
Components: Blink
Labels: -Pri-1 M-65 Test-Predator-Wrong CF-NeedsTriage Pri-2

Unable to find actual suspect through code search and also from the provided CL under regression range, hence adding appropriate label and requesting some one from blink team to look in to this issue.

Thanks!

Comment 2 by tkent@chromium.org, Mar 7 2018

Components: -Blink Blink>DOM
Mergedinto: 462234
Status: Duplicate (was: Untriaged)

►

Issue 819128 link

Issue metadata

CHECK failure: std::numeric_limits<unsigned>::max() - data.length() >= result_length in Text.cp

Issue description

Comment 1 by brajkumar@chromium.org, Mar 7 2018

Comment 1 Deleted

Comment 2 by tkent@chromium.org, Mar 7 2018

Comment 2 Deleted

Sign in to add a comment