Issue 819997 link

Starred by 1 user

Issue metadata

Status:	Duplicate
Merged:	issue 462234
Owner:	tkent@chromium.org
Closed:	Mar 2018
Cc:	█ brajkumar@chromium.org editing-dev@chromium.org
Components:	Blink>Editing
EstimatedDays:	----
NextAction:	----
OS:	Mac
Pri:	1
Type:	Bug
Stability-Crash Reproducible Clusterfuzz Test-Predator-Wrong M-65

CHECK failure: std::numeric_limits<unsigned>::max() - data.length() >= result_length in Text.cp

Project Member Reported by ClusterFuzz, Mar 8 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5128627344375808

Fuzzer: inferno_layout_test_unmodified
Job Type: mac_asan_content_shell
Platform Id: mac

Crash Type: CHECK failure
Crash Address: 
Crash State:
  std::numeric_limits<unsigned>::max() - data.length() >= result_length in Text.cp
  blink::Text::wholeText
  blink::V8Text::wholeTextAttributeGetterCallback
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=mac_asan_content_shell&range=476918:476985

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5128627344375808

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.

Comment 1 by brajkumar@chromium.org, Mar 9 2018

Cc: brajkumar@chromium.org
Components: Blink>Editing
Labels: M-65 Test-Predator-Wrong
Owner: tkent@chromium.org

Predator could not provide any possible suspects.

From the below CL observing some changes related to 'Text.cpp' hence suspecting the same
https://chromium.googlesource.com/chromium/src/+log/f0981bb18eb28f957d59bf1662b02c04dc40bd3c..6444a99819d7fe77ee5c8f895e1e47b95698c716?pretty=fuller&n=10000

Suspect CL: https://chromium.googlesource.com/chromium/src/+/46740f4e99de22f90302e72ca3a91730521b5827

gyuyoung/tkent@ -- Unable to assign to the author of the file, hence adding reviewer for more updates. Could you please check whether this is caused with respect to your change, if not please help us in assigning it to the right owner.

Thanks!

Comment 2 by brajkumar@chromium.org, Mar 9 2018

Status: Assigned (was: Untriaged)

Comment 3 by tkent@chromium.org, Mar 9 2018

Mergedinto: 462234
Status: Duplicate (was: Assigned)

Comment 4 by brajkumar@chromium.org, Mar 12 2018

 Issue 820780  has been merged into this issue.

►

Issue 819997 link

Issue metadata

CHECK failure: std::numeric_limits<unsigned>::max() - data.length() >= result_length in Text.cp

Issue description

Comment 1 by brajkumar@chromium.org, Mar 9 2018

Comment 1 Deleted

Comment 2 by brajkumar@chromium.org, Mar 9 2018

Comment 2 Deleted

Comment 3 by tkent@chromium.org, Mar 9 2018

Comment 3 Deleted

Comment 4 by brajkumar@chromium.org, Mar 12 2018

Comment 4 Deleted

Sign in to add a comment