CHECK failure: count <= MaxElementCountInBackingStore<T>() in PartitionAllocator.h

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5545605410324480

Fuzzer: inferno_layout_test_unmodified
Job Type: mac_asan_chrome
Platform Id: mac

Crash Type: CHECK failure
Crash Address:
Crash State:
  count <= MaxElementCountInBackingStore<T>() in PartitionAllocator.h
  blink::BlobBytesProvider::AppendData
  blink::BlobData::AppendDataInternal

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=447465:447478

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5545605410324480

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.

Mar 22 2018
Predator could not provide any possible suspects.

From the below CL observing some changes related to file 'PartitionAllocator.h', hence suspecting the same:
https://chromium.googlesource.com/chromium/src/+log/2d184d931166e89d8163c78f945fa168afd080d2..5d6f36b35b6bf8bd4c31f861e5f46875b46fb82d?pretty=fuller&n=10000

Suspect CL: https://chromium.googlesource.com/chromium/src/+/4da5a6bc55b8e3909b98f3e0f23d7c5d0cb9ecb8

sigbjornf/haraken@ -- Could you please check whether this is caused with respect to your change; if not, please help us in assigning it to the right owner.

Thanks!

Mar 23 2018
Re #3: I'm pretty sure this is a bug in the caller (Blink), not Partition Alloc. Partition Alloc is refusing to allocate when it detects integer overflow, and this is working as intended. The caller requested too many objects.
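
The class of check discussed in this thread, as an added example that is not part of the original comments and is not Chromium's code: an allocator-side bound on element count next to the caller-side validation that avoids reaching it. The names `kMaxBackingStoreBytes`, `MaxElementCount`, `UncheckedBytes`, `CheckedBytes` and `CanAppend`, and the cap value, are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <limits>

// Assumed per-allocation byte cap for this example (not Chromium's value).
constexpr std::size_t kMaxBackingStoreBytes = std::size_t{1} << 30;

// Largest element count whose total byte size stays under the cap.
template <typename T>
constexpr std::size_t MaxElementCount() {
  return kMaxBackingStoreBytes / sizeof(T);
}

// Unchecked size computation: silently wraps for large counts.
template <typename T>
std::size_t UncheckedBytes(std::size_t count) {
  return count * sizeof(T);
}

// Allocator-side guard: refuse instead of wrapping. A CHECK at this point
// aborts the process instead of returning false.
template <typename T>
bool CheckedBytes(std::size_t count, std::size_t* out_bytes) {
  if (count > MaxElementCount<T>()) return false;
  *out_bytes = count * sizeof(T);  // cannot overflow: count is bounded
  return true;
}

// Caller-side validation before growing a buffer by `extra` elements.
// Written as a subtraction so that current + extra is never computed.
template <typename T>
bool CanAppend(std::size_t current, std::size_t extra) {
  const std::size_t max = MaxElementCount<T>();
  return current <= max && extra <= max - current;
}

int main() {
  const std::size_t huge = std::numeric_limits<std::size_t>::max() / 8 + 2;
  std::size_t bytes = 0;
  std::printf("unchecked: %zu bytes\n", UncheckedBytes<std::uint64_t>(huge));
  std::printf("checked ok: %d\n", CheckedBytes<std::uint64_t>(huge, &bytes));
  std::printf("append ok: %d\n", CanAppend<char>(16, kMaxBackingStoreBytes));
  return 0;
}
```

A caller that runs a check like `CanAppend` on untrusted sizes can fail the operation gracefully, so the allocator's bound is only reached on a genuine logic error.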

Comment 1 by ClusterFuzz, Mar 21 2018