Issue 869740

Issue metadata

Status: WontFix
Owner: ----
Closed: Aug 20
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug



CHECK failure: result || flags & PartitionAllocReturnNull in partition_alloc.h

Project Member Reported by ClusterFuzz, Aug 1

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6452134531563520

Fuzzer: inferno_twister
Job Type: linux_asan_chrome_v8_arm
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  result || flags & PartitionAllocReturnNull in partition_alloc.h
  blink::V8Document::createTextNodeMethodCallback
  v8::internal::FunctionCallbackArguments::Call
  
Sanitizer: address (ASAN)

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6452134531563520

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
 
Components: Blink>JavaScript
Owner: titzer@chromium.org
Status: Assigned (was: Untriaged)
Assigning to CF sheriff for further triage.
Components: -Blink>JavaScript Blink>DOM
Owner: ----
Status: Available (was: Assigned)
This is an OOM situation inside of the DOM method to add a text node.
The test case adds a very large string to the DOM 1024 times and goes OOM. The allocation path has no OOM checks.

(from the CF issue):
#0 0xf7f9ef38 in [vdso]
#1 0x639872de in logging::LogMessage::~LogMessage() base/logging.cc:865:7
#2 0x6f41ba26 in PartitionAllocGenericFlags base/allocator/partition_allocator/partition_alloc.h:351:3
#3 0x6f41ba26 in Alloc base/allocator/partition_allocator/partition_alloc.h:370
#4 0x6f41ba26 in BufferMalloc third_party/blink/renderer/platform/wtf/allocator/partitions.h:97
#5 0x6f41ba26 in WTF::StringImpl::CreateUninitialized(unsigned int, unsigned char*&) third_party/blink/renderer/platform/wtf/text/string_impl.cc:115
#6 0x7748acce in CreateUninitialized third_party/blink/renderer/platform/wtf/text/wtf_string.h:366:12
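The CHECK in this report states PartitionAlloc's contract directly: an allocation that comes back null is fatal unless the caller passed the ReturnNull flag. The toy C++ below is an added illustration, not Chromium's code, of how a caller with "no OOM checks" (the createTextNode path above) differs from one that opts into a null return and handles it. `toy::Alloc`, `kReturnNull`, `kBudgetBytes`, `CreateUninitialized`, `TryCreateUninitialized` and `AppendLargeTextNodes` are names made up for the example; the fixed 64 MiB budget stands in for the real memory limit the fuzzer hit, and the 1 MiB chunk repeated 1024 times mirrors the test case described in the comment above.

```cpp
// Added example (not Chromium code): a toy model of the contract behind
// "CHECK(result || flags & PartitionAllocReturnNull)".
#include <cstddef>
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <vector>

namespace toy {

// Hypothetical flag mirroring PartitionAllocReturnNull.
constexpr unsigned kReturnNull = 1u << 0;

// Hypothetical budget standing in for the process/heap limit; once it is
// spent, every further allocation fails.
constexpr size_t kBudgetBytes = 64u * 1024u * 1024u;  // 64 MiB
static size_t g_used = 0;

// Models PartitionAllocGenericFlags: OOM is fatal unless the caller asked
// for nullptr. The CHECK is modelled as a message plus abort().
void* Alloc(size_t size, unsigned flags) {
  void* result = nullptr;
  if (g_used + size <= kBudgetBytes) {
    result = std::malloc(size);
    if (result) g_used += size;
  }
  if (!(result || (flags & kReturnNull))) {
    std::fprintf(stderr, "CHECK failed: result || flags & ReturnNull\n");
    std::abort();  // the renderer dies here, as in the report
  }
  return result;
}

void Free(void* p, size_t size) {
  std::free(p);
  g_used -= size;
}

// Unchecked path, like StringImpl::CreateUninitialized via BufferMalloc in
// the stack above: the caller has no way to observe failure.
char* CreateUninitialized(size_t length) {
  return static_cast<char*>(Alloc(length, 0));
}

// Checked variant: the caller opts into nullptr and must handle it.
char* TryCreateUninitialized(size_t length) {
  return static_cast<char*>(Alloc(length, kReturnNull));
}

struct Result {
  int nodes_created;
  bool hit_oom;
};

// Models the test case: append a very large string "repetitions" times.
// With use_try=false the loop aborts at the budget (the reported CHECK);
// with use_try=true it stops cleanly and reports how far it got.
Result AppendLargeTextNodes(size_t chunk_bytes, int repetitions, bool use_try) {
  std::vector<char*> nodes;
  Result r{0, false};
  for (int i = 0; i < repetitions; ++i) {
    char* buf = use_try ? TryCreateUninitialized(chunk_bytes)
                        : CreateUninitialized(chunk_bytes);
    if (!buf) {  // only reachable on the Try path
      r.hit_oom = true;
      break;
    }
    std::memset(buf, 'A', chunk_bytes);  // touch the pages like real text
    nodes.push_back(buf);
    ++r.nodes_created;
  }
  for (char* n : nodes) Free(n, chunk_bytes);  // budget returns to zero
  return r;
}

}  // namespace toy

int main() {
  // 1 MiB chunk, 1024 repetitions, checked path: stops at 64 nodes.
  toy::Result r = toy::AppendLargeTextNodes(1u << 20, 1024, /*use_try=*/true);
  std::printf("created %d text nodes, oom=%d\n", r.nodes_created, r.hit_oom);
  return 0;
}
```

Running the same loop with `use_try=false` reproduces the shape of the report: the first allocation past the budget trips the CHECK and the process aborts. The fail-fast is what the flag semantics ask for; a raw allocator that quietly returned nullptr to a caller that never checks would replace a clean crash with a null or short write, so the only real alternatives for a report like this are to accept the crash (the outcome here: WontFix) or to move that specific caller onto a ReturnNull variant and handle the failure.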
Components: -Blink>DOM Blink>MemoryAllocator
It is unclear to me how this issue is related to DOM's implementation directly.

Project Member

Comment 5 by ClusterFuzz, Aug 20

ClusterFuzz testcase 6452134531563520 is associated with an obsolete fuzzer and can no longer be processed. Please close the issue if it is no longer actionable.
Ignore the "obsolete fuzzer" messages, we are working on a fix.
Status: WontFix (was: Available)
Closing these now due to the obsolete fuzzer issue; ClusterFuzz should file new ones with fixed testcases.
