Stack-overflow in LayoutIfNeeded
Issue description
Detailed report: https://clusterfuzz.com/testcase?key=6175340343590912
Fuzzer: attekett_surku_fuzzer
Job Type: linux_lsan_chrome_mp
Platform Id: linux
Crash Type: Stack-overflow
Crash Address: 0x7ffcc2044eb8
Crash State:
  LayoutIfNeeded
  blink::SVGLayoutSupport::LayoutChildren
  blink::LayoutSVGContainer::UpdateLayout
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_lsan_chrome_mp&range=523898:523900
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6175340343590912
Issue filed automatically.
See https://github.com/google/clusterfuzz-tools for more information.
,
May 14 2018
Opening the repro SVG gives me an error about excessive node nesting. So it seems like we should catch this rather than hitting a stack overflow.
,
May 14 2018
> Predator was unable to identify any culprit changelists for this test case.
> Unable to find actual suspect through code search and also observing no possible suspect CL under regression range, hence requesting someone from the blink team to look into it. Thanks!
,
May 14 2018
,
May 14 2018
Maybe something should be done to this:

    // FIXME: HTMLConstructionSite has a limit of 512, should these match?
    static const unsigned kMaxXMLTreeDepth = 5000;
,
Nov 20
Gentle Ping! Just wondering do we have any further update on this? Thank you!
,
Nov 20
I suspect adjusting the limit from c#5 is still the most reasonable thing to do here.
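An added example, not Blink or Chromium code, illustrating the point behind comments 5 and 7: the nesting cap the parser enforces while building the tree is the only thing that bounds how deep a later recursive walk (LayoutChildren -> UpdateLayout -> LayoutChildren) can go, so the cap has to be sized against the stack budget of the deepest recursive phase, not just against parser cost. `ParseNested`, `LayoutDepth`, `NestedMarkup` and the `Node` type are hypothetical stand-ins written for this example; the two constants reuse the figures quoted in the thread (512 for HTMLConstructionSite, 5000 for kMaxXMLTreeDepth) but are not the real Blink checks. The markup inputs are constructed inline.

```cpp
// Added example (not Blink/Chromium code): why a parser-side nesting cap is what
// bounds the recursion depth of a later tree walk such as layout.
#include <algorithm>
#include <cstddef>
#include <cstdio>
#include <initializer_list>
#include <optional>
#include <string>
#include <string_view>
#include <vector>

// The two caps quoted in the thread (comment 5). Assumed values for this
// example only; the real enforcement lives in Blink's parsers, not here.
constexpr unsigned kHtmlMaxDepth = 512;
constexpr unsigned kXmlMaxDepth = 5000;

struct Node {
  std::string name;
  std::vector<Node> children;
};

// Hypothetical tag-only parser for markup like "<g><g></g></g>" (no attributes,
// no text). It keeps an explicit stack, so the parser itself never recurses;
// the nesting cap is checked at the point a new element is opened.
// Returns std::nullopt on malformed markup or when the cap is exceeded, the
// analogue of the "excessive node nesting" error comment 2 mentions.
std::optional<Node> ParseNested(std::string_view src, unsigned max_depth) {
  Node root{"#document", {}};
  std::vector<Node*> open{&root};  // chain of currently open elements
  std::size_t i = 0;
  while (i < src.size()) {
    if (src[i] != '<') return std::nullopt;
    const std::size_t end = src.find('>', i);
    if (end == std::string_view::npos) return std::nullopt;
    const std::string_view tag = src.substr(i + 1, end - i - 1);
    i = end + 1;
    if (!tag.empty() && tag[0] == '/') {
      // A closing tag must match the innermost open element.
      if (open.size() < 2 || open.back()->name != tag.substr(1)) return std::nullopt;
      open.pop_back();
    } else {
      if (tag.empty()) return std::nullopt;
      const unsigned depth = static_cast<unsigned>(open.size() - 1);  // root is depth 0
      if (depth >= max_depth) return std::nullopt;  // would nest deeper than allowed
      Node* parent = open.back();
      parent->children.push_back(Node{std::string(tag), {}});
      // Only `parent`'s children vector can reallocate here, and no pointer in
      // `open` refers into that vector (closed siblings were already popped).
      open.push_back(&parent->children.back());
    }
  }
  if (open.size() != 1) return std::nullopt;  // unclosed elements
  return root;
}

// Recursive walk standing in for LayoutChildren -> UpdateLayout -> LayoutChildren:
// one stack frame per nesting level, so the deepest element the parser admits is
// also the deepest recursion this walk will ever perform on that tree.
unsigned LayoutDepth(const Node& n) {
  unsigned deepest = 0;
  for (const Node& child : n.children)
    deepest = std::max(deepest, 1 + LayoutDepth(child));
  return deepest;
}

// Constructed input: `depth` nested <g> elements.
std::string NestedMarkup(unsigned depth) {
  std::string s;
  for (unsigned i = 0; i < depth; ++i) s += "<g>";
  for (unsigned i = 0; i < depth; ++i) s += "</g>";
  return s;
}

int main() {
  for (unsigned depth : {512u, 513u, 5000u, 5001u}) {
    const bool html_ok = ParseNested(NestedMarkup(depth), kHtmlMaxDepth).has_value();
    const auto xml = ParseNested(NestedMarkup(depth), kXmlMaxDepth);
    std::printf("depth %5u: HTML cap %s, XML cap %s", depth,
                html_ok ? "accepts" : "rejects", xml ? "accepts" : "rejects");
    if (xml) std::printf(" (layout recursion depth %u)", LayoutDepth(*xml));
    std::printf("\n");
  }
  return 0;
}
```

The parser rejects the 513th level under the HTML-sized cap but admits 5000 levels under the XML-sized one, and the recursive walk then descends exactly that far. Whether 5000 frames fit depends on the per-frame stack usage of the real layout code and the thread's stack size, which is why a cap chosen for parser cost alone can still let the fuzzer's input overflow the stack in layout.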
Comment 1 by ClusterFuzz, May 13 2018
Labels: Test-Predator-Auto-Components