
Issue 894052 link

Starred by 2 users

Issue metadata

Status: Duplicate
Merged: issue 890585
Owner:
Closed: Jan 8
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug




Null-dereference READ in View

Project Member Reported by ClusterFuzz, Oct 10

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6239326311284736

Fuzzer: mbarbella_js_mutation_layout
Job Type: linux_lsan_chrome_mp
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000240
Crash State:
  View
  blink::Document::UpdateStyleAndLayoutIgnorePendingStylesheets
  blink::FrameSelection::ComputeVisibleSelectionInDOMTreeDeprecated
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_lsan_chrome_mp&range=594766:594769

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6239326311284736

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
 
Cc: kkaluri@chromium.org
Labels: M-71 Test-Predator-Wrong
Owner: schenney@chromium.org
Status: Assigned (was: Untriaged)
Predator and CL could not provide any possible suspects.

Using Code Search for the file "document.cc", suspecting the below CL might have caused this issue.

Suspect CL: https://chromium.googlesource.com/chromium/src/+/fe7f8c3cc9889e4a1fd18742691d621982b2c171

schenney@ -- Could you please check whether this is caused with respect to your change, if not please help us in assigning it to the right owner.

Thanks!
Components: Blink>Layout
Labels: -Pri-1 Pri-2
Duplicate of bug 890585?
Mergedinto: 890585
Status: Duplicate (was: Assigned)
Yes.
Project Member

Comment 6 by ClusterFuzz, Jan 19 (3 days ago)

ClusterFuzz has detected this issue as fixed in range 624368:624374.

Detailed report: https://clusterfuzz.com/testcase?key=6239326311284736

Fuzzer: mbarbella_js_mutation_layout
Job Type: linux_lsan_chrome_mp
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000240
Crash State:
  View
  blink::Document::UpdateStyleAndLayoutIgnorePendingStylesheets
  blink::FrameSelection::ComputeVisibleSelectionInDOMTreeDeprecated
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_lsan_chrome_mp&range=594766:594769
Fixed: https://clusterfuzz.com/revisions?job=linux_lsan_chrome_mp&range=624368:624374

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6239326311284736

See https://github.com/google/clusterfuzz-tools for instructions to reproduce this bug locally.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
