Issue 838075: Null-dereference READ in blink::PositionWithAffinityTemplate<blink::EditingAlgorithm<blink::NodeTraversal
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6481772402180096
Fuzzer: bj_broddelwerk
Job Type: linux_asan_content_shell_drt
Platform Id: linux
Crash Type: Null-dereference READ
Crash Address: 0x000000000010
Crash State:
  blink::PositionWithAffinityTemplate<blink::EditingAlgorithm<blink::NodeTraversal
  blink::ComputeInlineBoxPosition
  blink::NextLinePosition
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=553007:553010
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6481772402180096

Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.

May 2 2018

May 3 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/7442d6e4e1f40aed18c17dcd8f480e922ce1e56a

commit 7442d6e4e1f40aed18c17dcd8f480e922ce1e56a
Author: Xiaocheng Hu <xiaochengh@chromium.org>
Date: Thu May 03 06:18:02 2018

Revert "Stop using RenderedPosition in VisibleUnitsLine"

This reverts commit 85d8d125def54d5c6ce28fec310f8cf5738caf48.

Reason for revert: causing crbug.com/838075

Original change's description:
> Stop using RenderedPosition in VisibleUnitsLine
>
> VisibleUnitsLine uses RenderedPosition instances without using
> the bidi-related functionalities.
>
> Since RenderedPosition is a wrapper of InlineBoxPosition with bidi
> utility functions added, this patch changes VisibleUnitsLine to
> use InlineBoxPosition directly for simplicity.
>
> Bug: 822575
> Change-Id: I158ddfb3dec1ead3f8b66e1255f3465f3f0353a2
> Reviewed-on: https://chromium-review.googlesource.com/1024645
> Reviewed-by: Yoichi Osato <yoichio@chromium.org>
> Reviewed-by: Yoshifumi Inoue <yosin@chromium.org>
> Commit-Queue: Xiaocheng Hu <xiaochengh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#553008}

TBR=yosin@chromium.org,yoichio@chromium.org,xiaochengh@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: 822575, 838075
Change-Id: Ifa8429f7749d5c6bdb6dda3f2ed3471c523756ce
Reviewed-on: https://chromium-review.googlesource.com/1040611
Reviewed-by: Xiaocheng Hu <xiaochengh@chromium.org>
Commit-Queue: Xiaocheng Hu <xiaochengh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#555673}

[modify] https://crrev.com/7442d6e4e1f40aed18c17dcd8f480e922ce1e56a/third_party/blink/renderer/core/editing/visible_units_line.cc

May 3 2018
ClusterFuzz has detected this issue as fixed in range 555672:555673.

Detailed report: https://clusterfuzz.com/testcase?key=6481772402180096
Fuzzer: bj_broddelwerk
Job Type: linux_asan_content_shell_drt
Platform Id: linux
Crash Type: Null-dereference READ
Crash Address: 0x000000000010
Crash State:
  blink::PositionWithAffinityTemplate<blink::EditingAlgorithm<blink::NodeTraversal
  blink::ComputeInlineBoxPosition
  blink::NextLinePosition
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=553007:553010
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=555672:555673
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6481772402180096

See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

May 3 2018
ClusterFuzz testcase 6481772402180096 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by pnangunoori@chromium.org, May 2 2018
Components: Blink>CSS
Labels: M-68 Test-Predator-Wrong
Owner: xiaoche...@chromium.org
Status: Assigned (was: Untriaged)