CHECK failure: count <= MaxElementCountInBackingStore<T>() in partition_allocator.h
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5193552276226048

Fuzzer: inferno_twister
Job Type: mac_asan_content_shell
Platform Id: mac

Crash Type: CHECK failure
Crash Address:
Crash State:
  count <= MaxElementCountInBackingStore<T>() in partition_allocator.h
  blink::Node::textContent
  blink::Element::innerText

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=mac_asan_content_shell&range=447465:447478

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5193552276226048

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Apr 18 2018
Unable to find the actual suspect through code search, and also observing no suspect CL in the regression range, hence adding the appropriate label and requesting someone from the Blink team to look into this issue. Thanks!
Apr 18 2018
Apr 24 2018
May 21 2018
Please triage accordingly.
May 30 2018
This is a straightforward sanity check working as intended:
    template <typename T>
    static size_t QuantizedSize(size_t count) {
      CHECK_LE(count, MaxElementCountInBackingStore<T>());
      return WTF::Partitions::BufferPartition()->ActualSize(count * sizeof(T));
    }
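Added example, not part of the thread and not Chromium code: a standalone sketch of what a count bound checked before `count * sizeof(T)` protects against, namely the multiplication wrapping to a small byte size. The limit `kAssumedMaxBackingBytes`, the `Char16` type and all function names are assumptions for illustration; the real CHECK crashes, whereas this sketch returns false so the outcome can be inspected.

```cpp
#include <cstddef>
#include <cstdint>
#include <limits>

// Assumed allocator limit for this sketch (not Chromium's real value).
constexpr size_t kAssumedMaxBackingBytes = size_t{1} << 31;

// Largest element count whose byte size still fits under the assumed limit.
template <typename T>
constexpr size_t MaxElementCount() {
  return kAssumedMaxBackingBytes / sizeof(T);
}

// Unguarded form: unsigned multiplication wraps modulo 2^N for large counts,
// so the caller would request far fewer bytes than it intends to write.
template <typename T>
constexpr size_t UncheckedByteSize(size_t count) {
  return count * sizeof(T);
}

// Guarded form: reject the count before multiplying, so the product can
// never wrap. Returns false (and leaves *bytes untouched) on rejection.
template <typename T>
bool CheckedByteSize(size_t count, size_t* bytes) {
  if (count > MaxElementCount<T>())
    return false;
  *bytes = count * sizeof(T);
  return true;
}

// Hypothetical 16-bit character type standing in for a string backing store.
using Char16 = uint16_t;

// Constructed input: a count just past SIZE_MAX / 2, so count * 2 wraps to 2.
constexpr size_t kWrappingCount = std::numeric_limits<size_t>::max() / 2 + 2;

// True when the unguarded computation silently yields a 2-byte request.
bool WrapsWithoutGuard() {
  return UncheckedByteSize<Char16>(kWrappingCount) == 2;
}

// True when the guarded computation refuses the same count.
bool GuardRejectsWrappingCount() {
  size_t bytes = 0;
  return !CheckedByteSize<Char16>(kWrappingCount, &bytes) && bytes == 0;
}
```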
Jun 6 2018
ClusterFuzz testcase 5193552276226048 is still reproducing on tip-of-tree build (trunk). If this testcase was not reproducible locally or unworkable, ignore this notification and we will file another bug soon with hopefully a better and workable testcase. Otherwise, if this is not intended to be fixed (e.g. this is an intentional crash), please add ClusterFuzz-Ignore label to prevent future bug filing with similar crash stacktrace.
Comment 1 by erikc...@chromium.org, Apr 16 2018