Issue 963061 in chromium: Heap-use-after-free in blink::LayoutObject::LastLeafChild


ClusterFuzz via monorail

May 14, 2019, 3:04:52 PM
to editi...@chromium.org
Updates:
Labels: Test-Predator-Auto-Owner
Owner: ryan...@chromium.org
Status: Assigned

Comment #2 on issue 963061 by ClusterFuzz: Heap-use-after-free in blink::LayoutObject::LastLeafChild
https://bugs.chromium.org/p/chromium/issues/detail?id=963061#c2

Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/2635b61a3ea8f72c538039ac8106fca92d097629 (Adding a LifeCycle Check to AnchorElementMetrics).

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.

--
You received this message because:
1. A rule CC'd you on the issue
2. You are auto-CC'd on all issues in component Blink>Editing

You may adjust your notification preferences at:
https://bugs.chromium.org/hosting/settings

Reply to this email to add a comment or make updates.

ClusterFuzz via monorail

May 14, 2019, 3:04:54 PM
to editi...@chromium.org
Updates:
Components: Blink>Editing Blink>Layout
Labels: Test-Predator-Auto-Components

Comment #1 on issue 963061 by ClusterFuzz: Heap-use-after-free in blink::LayoutObject::LastLeafChild
https://bugs.chromium.org/p/chromium/issues/detail?id=963061#c1

Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

ryansturm via monorail

May 14, 2019, 3:25:46 PM
to editi...@chromium.org
Updates:
Cc: ryan...@chromium.org
Owner: sza...@chromium.org

Comment #3 on issue 963061 by ryan...@chromium.org: Heap-use-after-free in blink::LayoutObject::LastLeafChild
https://bugs.chromium.org/p/chromium/issues/detail?id=963061#c3

Stefan, looking at the stack, there isn't anything in AnchorElementMetrics, and specifically, it looks like a crash in layout_object.cc from an onload JS event handler. Do you have any thoughts on how my CL could cause this to start repro'ing? If not, I think this should be marked as untriaged or assigned to someone from the layout team because I am really out of my depth on this.

General note: the suspected CL was intended to fix a crash.