
Issue 835751

Issue metadata

Status: Duplicate
Owner: ----
Closed: Apr 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows
Pri: 1
Type: Bug-Regression


Null-dereference READ in blink::FontCache::CrashWithFontInfo

Reported by ClusterFuzz (Project Member), Apr 23 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5417480647081984

Fuzzer: ifratric-browserfuzzer-v3
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  blink::FontCache::CrashWithFontInfo
  blink::FontFallbackIterator::Next
  blink::FontFallbackIterator::Next
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=523880:523906

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5417480647081984

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
 
Comment 1 by ClusterFuzz (Project Member), Apr 23 2018

Labels: OS-Windows
Comment 2 by ClusterFuzz (Project Member), Apr 23 2018

Components: Internals>Core Internals>Media
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Cc: brajkumar@chromium.org
Components: -Internals>Media -Internals>Core Blink>Fonts
Labels: -Type-Bug M-66 Test-Predator-Wrong Type-Bug-Regression
Unable to find the actual suspect through code search, and also observing no possible suspect CL in the regression range; hence adding the appropriate label and requesting someone from the Blink team to look into this issue.

Thanks!
Labels: CF-NeedsTriage

Comment 5 by e...@chromium.org, Apr 30 2018

Mergedinto: 561873
Status: Duplicate (was: Untriaged)
Comment 6 by ClusterFuzz (Project Member), Jun 18 2018

ClusterFuzz has detected this issue as fixed in range 567946:567947.

Detailed report: https://clusterfuzz.com/testcase?key=5417480647081984

Fuzzer: ifratric-browserfuzzer-v3
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  blink::FontCache::CrashWithFontInfo
  blink::FontFallbackIterator::Next
  blink::FontFallbackIterator::Next
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=523880:523906
Fixed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=567946:567947

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5417480647081984

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
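The report in comment 6 repeats the one in the issue description verbatim and adds only the "Fixed:" line, and comment 5 closed the issue as a duplicate of 561873 on the strength of the identical crash type and crash state. The following Python is an added example, not code from the page, from ClusterFuzz or from Chromium: it parses this report format into structured fields and applies the checks a triager does by hand on such a pair of reports. The dedup key (crash type plus top three crash-state frames), the 0x1000 near-null threshold, and all function names are assumptions of this example; the sample report text is constructed from the fields shown on this page.

```python
import re
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed sample: the ClusterFuzz auto-report from the issue description
# (Apr 23 2018), copied as plain text so the parser runs offline.
REPORT_OPENED = """\
Detailed report: https://clusterfuzz.com/testcase?key=5417480647081984

Fuzzer: ifratric-browserfuzzer-v3
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  blink::FontCache::CrashWithFontInfo
  blink::FontFallbackIterator::Next
  blink::FontFallbackIterator::Next

Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=523880:523906

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5417480647081984
"""

# Comment 6 (Jun 18 2018) repeats the report with one extra "Fixed:" line.
REPORT_FIXED = REPORT_OPENED.replace(
    "Reproducer Testcase:",
    "Fixed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=567946:567947\n\n"
    "Reproducer Testcase:",
)

Range = Tuple[int, int]


@dataclass(frozen=True)
class Report:
    testcase_id: str
    fuzzer: str
    job_type: str
    crash_type: str
    crash_address: int
    crash_state: Tuple[str, ...]   # frames listed under "Crash State:"
    sanitizer: str
    regressed: Optional[Range]     # revision pair from the "Regressed:" URL
    fixed: Optional[Range]         # revision pair from the "Fixed:" URL, if present


_KEY_RE = re.compile(r"^([A-Za-z][A-Za-z ]*):\s*(.*)$")
_RANGE_RE = re.compile(r"[?&]range=(\d+):(\d+)")


def _revision_range(url: str) -> Optional[Range]:
    m = _RANGE_RE.search(url)
    return (int(m.group(1)), int(m.group(2))) if m else None


def parse_report(text: str) -> Report:
    """Parse the 'Key: value' lines of a ClusterFuzz report plus the indented
    frame list after 'Crash State:' (ended by a blank or unindented line)."""
    fields = {}
    frames = []
    in_state = False
    for line in text.splitlines():
        if in_state:
            if line.startswith("  ") and line.strip():
                frames.append(line.strip())
                continue
            in_state = False
        m = _KEY_RE.match(line)
        if not m:
            continue
        key, value = m.groups()
        if key == "Crash State":
            in_state = True
        else:
            fields[key] = value
    tc = re.search(r"testcase_id=(\d+)", fields.get("Reproducer Testcase", ""))
    return Report(
        testcase_id=tc.group(1) if tc else "",
        fuzzer=fields["Fuzzer"],
        job_type=fields["Job Type"],
        crash_type=fields["Crash Type"],
        crash_address=int(fields["Crash Address"], 16),
        crash_state=tuple(frames),
        sanitizer=fields["Sanitizer"],
        regressed=_revision_range(fields.get("Regressed", "")),
        fixed=_revision_range(fields.get("Fixed", "")),
    )


def dedup_key(r: Report) -> Tuple[str, Tuple[str, ...]]:
    """Crash type plus the top three crash-state frames. Assumption: this is the
    key a triager compares when merging duplicates, as in comment 5."""
    return (r.crash_type, r.crash_state[:3])


def same_bug(a: Report, b: Report) -> bool:
    return dedup_key(a) == dedup_key(b)


def is_near_null(r: Report, guard_page: int = 0x1000) -> bool:
    """A fault address inside the first page (assumed 0x1000 bytes) is a null or
    near-null dereference: an unhandled null, not attacker-controlled memory."""
    return 0 <= r.crash_address < guard_page


def fix_follows_regression(opened: Report, closed: Report) -> bool:
    """True when the fix window in the later report lies after the regression
    window of the earlier one, i.e. one consistent regress-then-fix lifecycle."""
    if opened.regressed is None or closed.fixed is None:
        return False
    return closed.fixed[0] >= opened.regressed[1]


if __name__ == "__main__":
    opened, closed = parse_report(REPORT_OPENED), parse_report(REPORT_FIXED)
    print("dedup key:", dedup_key(opened))
    print("same bug:", same_bug(opened, closed), "near-null:", is_near_null(opened))
    print("regressed:", opened.regressed, "fixed:", closed.fixed,
          "consistent:", fix_follows_regression(opened, closed))
```

Run stand-alone it prints the dedup key, confirms the two reports describe one bug with a fault address of 0, and shows the regression window (523880:523906) preceding the fix window (567946:567947). A read at address 0 is what the "Null-dereference READ" crash type says it is: a plain null dereference, which is why reports like this are normally triaged as reliability regressions rather than exploitable memory corruption, absent other evidence.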