Issue metadata
Sign in to add a comment
|
Stack-overflow in MemberBase |
||||||||||||||||||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=4689416204058624 Fuzzer: bj_broddelwerk Job Type: linux_lsan_chrome_mp Platform Id: linux Crash Type: Stack-overflow Crash Address: 0x7ffc815e1b98 Crash State: MemberBase Member WhitespaceAttacher Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=linux_lsan_chrome_mp&range=523898:523900 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4689416204058624 Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
,
Mar 21 2018
Predator and CL could not provide any possible suspects. Using Code Search for the file, "HTMLSlotElement.cpp" suspecting the below Cl might have caused this issue Suspect CL: https://chromium.googlesource.com/chromium/src/+/7c44da721a59e6aa0b9fdcddb314175cb1e0123f%5E%21/third_party/WebKit/Source/core/html/HTMLSlotElement.cpp hayato@ -- Could you please check whether this is caused with respect to your change, if not please help us in assigning it to the right owner. Thanks!
,
Mar 22 2018
Rune, it looks WhiteSpaceAttacher might be related. Could you have a chance to take a look?
,
Mar 22 2018
WhitespaceAttacher happens to be pushed onto the stack when we run out of stack space for a very deep DOM tree.
,
Mar 29 2018
ClusterFuzz testcase 4689416204058624 is still reproducing on tip-of-tree build (trunk). If this testcase was not reproducible locally or unworkable, ignore this notification and we will file another bug soon with hopefully a better and workable testcase. Otherwise, if this is not intended to be fixed (e.g. this is an intentional crash), please add ClusterFuzz-Ignore label to prevent future bug filing with similar crash stacktrace. |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by ClusterFuzz
, Mar 20 2018Labels: Test-Predator-Auto-Components