CHECK failure: false. TypeError should not be thrown in html_marquee_element.cc
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6645730014658560

Fuzzer: puzzor_svg
Job Type: linux_debug_chrome
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  false. TypeError should not be thrown in html_marquee_element.cc
  blink::NonThrowableExceptionState::ThrowTypeError
  blink::ExceptionState::ThrowTypeError

Sanitizer: address (ASAN)

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6645730014658560

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Jul 24

Jul 24
Assigning component based on OWNERS file for html_marquee_element.cc. Please correct this if wrong.
Jul 25
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/f22de573d0df738b0dea0bc408649fd10b4bd35d

commit f22de573d0df738b0dea0bc408649fd10b4bd35d
Author: Stephen McGruer <smcgruer@chromium.org>
Date: Wed Jul 25 15:15:59 2018

Marquee: Early-exit on negative duration as well as zero duration

It is possible for HTMLMarqueeElement::GetAnimationParameters to return a negative duration - this occurs when the <marquee> has no size but its 'mover' does. In this case we should not attempt to animate as this will just throw in TimingInput::Update (as a negative duration is invalid).

Bug: 866289
Change-Id: Ifa0c2d2e8c717284670f7bddf8d350c174094f57
Reviewed-on: https://chromium-review.googlesource.com/1148887
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Commit-Queue: Stephen McGruer <smcgruer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#577894}

[add] https://crrev.com/f22de573d0df738b0dea0bc408649fd10b4bd35d/third_party/WebKit/LayoutTests/html/marquee/marquee-zero-width-crash-expected.txt
[add] https://crrev.com/f22de573d0df738b0dea0bc408649fd10b4bd35d/third_party/WebKit/LayoutTests/html/marquee/marquee-zero-width-crash.html
[modify] https://crrev.com/f22de573d0df738b0dea0bc408649fd10b4bd35d/third_party/blink/renderer/core/html/html_marquee_element.cc
Jul 25

Jul 26
ClusterFuzz has detected this issue as fixed in range 577893:577894.

Detailed report: https://clusterfuzz.com/testcase?key=6645730014658560

Fuzzer: puzzor_svg
Job Type: linux_debug_chrome
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  false. TypeError should not be thrown in html_marquee_element.cc
  blink::NonThrowableExceptionState::ThrowTypeError
  blink::ExceptionState::ThrowTypeError

Sanitizer: address (ASAN)

Fixed: https://clusterfuzz.com/revisions?job=linux_debug_chrome&range=577893:577894

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6645730014658560

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jul 26
ClusterFuzz testcase 6645730014658560 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by kkaluri@chromium.org, Jul 24
Components: Blink
Labels: M-68 Test-Predator-Wrong
Owner: smcgruer@chromium.org
Status: Assigned (was: Untriaged)