Null-dereference READ in blink::CustomElementRegistry::DefinitionForName
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4656216703500288

Fuzzer: inferno_twister
Job Type: linux_asan_content_shell_drt
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000028
Crash State:
  blink::CustomElementRegistry::DefinitionForName
  blink::HTMLElement::attachInternals
  blink::V8HTMLElement::attachInternalsMethodCallback

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=609230:609234

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4656216703500288

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.

Nov 19
Automatically applying components based on crash stacktrace and information from OWNERS files. If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Nov 19
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/165c8900c953f1bae6f8fb2d0b548ed4f11d4032 (Form-associated custom elements: Implement HTMLElement.prototype.attachInternals().). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.

Nov 20
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/69c7807c6de739328bcc8532b903f52769dbd0b9

commit 69c7807c6de739328bcc8532b903f52769dbd0b9
Author: Kent Tamura <tkent@chromium.org>
Date: Tue Nov 20 06:13:27 2018

Form-associated custom elements: Fix a crash with documents without browsing context.

CustomElement::Registry() can return nullptr.

Bug: 906704
Change-Id: I5f3f87266526c97489b658668e15a38069fef033
Reviewed-on: https://chromium-review.googlesource.com/c/1343412
Reviewed-by: Hayato Ito <hayato@chromium.org>
Commit-Queue: Kent Tamura <tkent@chromium.org>
Cr-Commit-Position: refs/heads/master@{#609613}

[modify] https://crrev.com/69c7807c6de739328bcc8532b903f52769dbd0b9/third_party/WebKit/LayoutTests/custom-elements/tentative/HTMLElement-attachInternals.html
[modify] https://crrev.com/69c7807c6de739328bcc8532b903f52769dbd0b9/third_party/blink/renderer/core/html/html_element.cc

Nov 20
ClusterFuzz has detected this issue as fixed in range 609610:609613.

Detailed report: https://clusterfuzz.com/testcase?key=4656216703500288

Fuzzer: inferno_twister
Job Type: linux_asan_content_shell_drt
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000028
Crash State:
  blink::CustomElementRegistry::DefinitionForName
  blink::HTMLElement::attachInternals
  blink::V8HTMLElement::attachInternalsMethodCallback

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=609230:609234
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_content_shell_drt&range=609610:609613

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4656216703500288

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Nov 20
ClusterFuzz testcase 4656216703500288 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.