
Issue 847017


Issue metadata

Status: WontFix
Owner: ----
Closed: May 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug




Null-dereference READ in chrome

Project Member Reported by ClusterFuzz, May 26 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4797277483565056

Fuzzer: inferno_twister
Job Type: linux_cfi_chrome
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x00000000003d
Crash State:
  chrome
  blink::InlineBox::LogicalLeft
  blink::RootInlineBox::ClosestLeafChildForLogicalLeftPosition
  
Sanitizer: cfi (CFI)

Regressed: https://clusterfuzz.com/revisions?job=linux_cfi_chrome&range=523878:523922

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4797277483565056

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
 
Project Member

Comment 1 by ClusterFuzz, May 26 2018

Components: Blink>Layout
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Cc: brajkumar@chromium.org
Labels: M-67 Test-Predator-Wrong
Unable to find actual suspect through code search and also observing no related CLs under regression range, hence adding appropriate label and requesting someone from blink team to look into this issue.

Thanks!

Comment 3 by e...@chromium.org, May 29 2018

Status: WontFix (was: Untriaged)
Not a security issue and not seen in the wild. This code is going away relatively soon so marking as WontFix.
Project Member

Comment 4 by ClusterFuzz, Jun 5 2018

Labels: Needs-Feedback
ClusterFuzz testcase 4797277483565056 is still reproducing on tip-of-tree build (trunk).

If this testcase was not reproducible locally or unworkable, ignore this notification and we will file another bug soon with hopefully a better and workable testcase.

Otherwise, if this is not intended to be fixed (e.g. this is an intentional crash), please add ClusterFuzz-Ignore label to prevent future bug filing with similar crash stacktrace.
