Null-dereference READ in blink::ComputedStyle::InheritedEqual
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5646021358780416

Fuzzer: ifratric-browserfuzzer-v3
Job Type: linux_asan_chrome_media
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000040
Crash State:
  blink::ComputedStyle::InheritedEqual
  blink::Text::RecalcTextStyle
  blink::ContainerNode::RecalcDescendantStyles

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_media&range=620890:620891

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5646021358780416

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for instructions to reproduce this bug locally.

Jan 9
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/66bc943f8f0557fc1d522546df16f4752db8014a (We never ask for text style without parent style.). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Jan 9
Automatically applying components based on crash stacktrace and information from OWNERS files. If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Jan 9
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/7586e935847e1db6035495ea32624e01cbdd5ba3

commit 7586e935847e1db6035495ea32624e01cbdd5ba3
Author: Rune Lillesveen <futhark@chromium.org>
Date: Wed Jan 09 13:42:02 2019

Missing null check for text style.

Crash introduced in [1]. Need to null check StyleForText now that we do not return initial style.

[1] https://chromium-review.googlesource.com/c/chromium/src/+/1400689

Bug: 920090
Change-Id: I8223c2f6054cd8c8eb7bf711ba1d2db9ae6837ae
Reviewed-on: https://chromium-review.googlesource.com/c/1402788
Reviewed-by: Morten Stenshorne <mstensho@chromium.org>
Commit-Queue: Rune Lillesveen <futhark@chromium.org>
Cr-Commit-Position: refs/heads/master@{#621130}

[modify] https://crrev.com/7586e935847e1db6035495ea32624e01cbdd5ba3/third_party/blink/renderer/core/dom/text.cc
[add] https://crrev.com/7586e935847e1db6035495ea32624e01cbdd5ba3/third_party/blink/web_tests/fast/css/text-style-recalc-not-in-flat-tree-crash.html

Jan 9
ClusterFuzz testcase 5088326432063488 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Jan 9
ClusterFuzz has detected this issue as fixed in range 621129:621130.

Detailed report: https://clusterfuzz.com/testcase?key=5646021358780416

Fuzzer: ifratric-browserfuzzer-v3
Job Type: linux_asan_chrome_media
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000040
Crash State:
  blink::ComputedStyle::InheritedEqual
  blink::Text::RecalcTextStyle
  blink::ContainerNode::RecalcDescendantStyles

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_media&range=620890:620891
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_media&range=621129:621130

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5646021358780416

See https://github.com/google/clusterfuzz-tools for instructions to reproduce this bug locally.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 1 by ClusterFuzz, Jan 9