Null-dereference READ in blink::LocalFrameView::UpdateAllLifecyclePhases
Issue description
Detailed report: https://clusterfuzz.com/testcase?key=5987278534737920
Fuzzer: inferno_twister
Job Type: linux_msan_content_shell_drt
Platform Id: linux
Crash Type: Null-dereference READ
Crash Address: 0x000000000030
Crash State:
  blink::LocalFrameView::UpdateAllLifecyclePhases
  blink::Internals::scrollsWithRespectTo
  blink::V8Internals::ScrollsWithRespectToMethodCallback
Sanitizer: memory (MSAN)
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5987278534737920
Issue filed automatically. See https://www.chromium.org/developers/testing/memorysanitizer#TOC-Reproducing-ClusterFuzz-Bugs for instructions to reproduce this bug locally.
Jan 2
pdr, could you take a look?
Jan 3
Internals::scrollsWithRespectTo is not checking that the nodes are in an active document like other DOM apis do (e.g., HTMLImageElement::width()). Because this is an internals-only function, I don't think we need to worry about this crash.
Jan 10
ClusterFuzz testcase 5987278534737920 is still reproducing on tip-of-tree build (trunk). If this testcase was not reproducible locally or unworkable, ignore this notification and we will file another bug soon with hopefully a better and workable testcase. Otherwise, if this is not intended to be fixed (e.g. this is an intentional crash), please add ClusterFuzz-Ignore label to prevent future bug filing with similar crash stacktrace.
Comment 1 by pnangunoori@chromium.org
Dec 26
Labels: M-72 Test-Predator-Wrong
Owner: vmp...@chromium.org
Status: Assigned (was: Untriaged)