
Issue 893105


Issue metadata

Status: WontFix
Owner:
Closed: Oct 8
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Mac
Pri: 1
Type: Bug


Stack-overflow in blink::InlineFlowBox::PlaceBoxRangeInInlineDirection

Project Member Reported by ClusterFuzz, Oct 8

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5738029048922112

Fuzzer: ochang_domfuzzer
Job Type: linux_asan_content_shell_drt
Platform Id: linux

Crash Type: Stack-overflow
Crash Address: 0x7ffd33f19fe0
Crash State:
  blink::InlineFlowBox::PlaceBoxRangeInInlineDirection
  blink::InlineFlowBox::PlaceBoxesInInlineDirection
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=545879:545880

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5738029048922112

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
 
Project Member

Comment 1 by ClusterFuzz, Oct 8

Components: Blink>Layout
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Project Member

Comment 2 by ClusterFuzz, Oct 8

Labels: Test-Predator-Auto-Owner
Owner: vmp...@chromium.org
Status: Assigned (was: Untriaged)
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/279708b3c8ed5b6d9b4ed452072458cb0f9047d0 ([LayoutTests] Replace multiple dump responses with one callback/struct.).

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Cc: vmp...@chromium.org
Owner: e...@chromium.org
-> eae@ for triage. This doesn't seem to be related to my change, and I'm not sure there's much to do since it seems to just recurse very deep into the layout
Status: WontFix (was: Assigned)
Non-security stack-overflow for deeply nested content => WontFix.

Project Member

Comment 5 by ClusterFuzz, Oct 13

Labels: OS-Mac
Project Member

Comment 6 by ClusterFuzz, Oct 15

Labels: Needs-Feedback
ClusterFuzz testcase 5738029048922112 is still reproducing on tip-of-tree build (trunk).

If this testcase was not reproducible locally or unworkable, ignore this notification and we will file another bug soon with hopefully a better and workable testcase.

Otherwise, if this is not intended to be fixed (e.g. this is an intentional crash), please add ClusterFuzz-Ignore label to prevent future bug filing with similar crash stacktrace.
Labels: ClusterFuzz-Ignore
Project Member

Comment 8 by ClusterFuzz, Jan 3

ClusterFuzz has detected this issue as fixed in range 619628:619629.

Detailed report: https://clusterfuzz.com/testcase?key=5738029048922112

Fuzzer: ochang_domfuzzer
Job Type: linux_asan_content_shell_drt
Platform Id: linux

Crash Type: Stack-overflow
Crash Address: 0x7ffd33f19fe0
Crash State:
  blink::InlineFlowBox::PlaceBoxRangeInInlineDirection
  blink::InlineFlowBox::PlaceBoxesInInlineDirection
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=545879:545880
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=619628:619629

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5738029048922112

See https://github.com/google/clusterfuzz-tools for instructions to reproduce this bug locally.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
