New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 829073 link

Starred by 2 users

Issue metadata

Status: Verified
Owner: ----
Closed: Apr 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Mac
Pri: 3
Type: Bug-Regression



Sign in to add a comment

Null-dereference READ in blink::InlineBox::Root

Project Member Reported by ClusterFuzz, Apr 4 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5500066073411584

Fuzzer: bj_broddelwerk
Job Type: windows_asan_chrome_no_sandbox
Platform Id: windows

Crash Type: Null-dereference READ
Crash Address: 0x000000000020
Crash State:
  blink::InlineBox::Root
  blink::LocalCaretRectOfPosition
  blink::RendersInDifferentPosition
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_no_sandbox&range=547638:547640

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5500066073411584

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
 
Cc: brajkumar@chromium.org
Components: Blink>Editing>Selection
Labels: -Type-Bug M-67 Test-Predator-Wrong Type-Bug-Regression
Owner: yoichio@chromium.org
Status: Assigned (was: Untriaged)
Predator could not provide any possible suspects.

From the below CL observing some changes related to 'LocalCaretRect.cpp' , hence suspecting the same
https://chromium.googlesource.com/chromium/src/+log/a624656678a7b779d4f87584b98303f96ef94623..30cc48f2412329c94b7fcfe98bd942f9fad098b5?pretty=fuller&n=10000

Suspect CL: https://chromium.googlesource.com/chromium/src/+/0cca13625be692fc10b4bdad3369a4eae7388eaf

yoichio@ -- Could you please check whether this is caused with respect to your change, if not please help us in assigning it to the right owner.

Thanks!
Project Member

Comment 2 by ClusterFuzz, Apr 5 2018

Labels: OS-Mac
Cc: yoichio@chromium.org
 Issue 829364  has been merged into this issue.
Labels: -Pri-1 Pri-3
The test case is using minor API document.execCommnad(InsertList).
Impact is low.
Owner: ----
Status: Available (was: Assigned)
Project Member

Comment 6 by ClusterFuzz, Apr 6 2018

Labels: OS-Linux
Project Member

Comment 7 by ClusterFuzz, Apr 6 2018

Components: Blink>Layout
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Project Member

Comment 8 by ClusterFuzz, Apr 15 2018

ClusterFuzz has detected this issue as fixed in range 550562:550563.

Detailed report: https://clusterfuzz.com/testcase?key=5500066073411584

Fuzzer: bj_broddelwerk
Job Type: windows_asan_chrome_no_sandbox
Platform Id: windows

Crash Type: Null-dereference READ
Crash Address: 0x000000000020
Crash State:
  blink::InlineBox::Root
  blink::LocalCaretRectOfPosition
  blink::RendersInDifferentPosition
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_no_sandbox&range=547638:547640
Fixed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_no_sandbox&range=550562:550563

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5500066073411584

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 9 by ClusterFuzz, Apr 15 2018

Labels: ClusterFuzz-Verified
Status: Verified (was: Available)
ClusterFuzz testcase 5500066073411584 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Sign in to add a comment