Floating-point-exception in blink::BackgroundImageGeometry::calculate

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4609607040761856

Fuzzer: inferno_twister_custom_bundle
Job Type: linux_asan_chrome_media
Platform Id: linux

Crash Type: Floating-point-exception
Crash Address:
Crash State:
  blink::BackgroundImageGeometry::calculate
  blink::LayoutBox::computeBackgroundIsKnownToBeObscured
  blink::LayoutObject::invalidatePaintIfNeeded

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_media&range=380964:381067

Minimized Testcase (0.55 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97Z8FNN1jF7xf_SYfBoJlItUZy05sbizVd67HQrbbHwjw7EhCuPUtDErevZKM2u_4TeGEMpp5Kg8aXXtsgFaa7XI80p9Lvv9jfbYojt9XvujvvwAHTTBkdMoxGUCciDQDZjRmWkQHRsMO-tEqKrzlOYrRM0Hw

Additional requirements: Requires HTTP

Filer: ligimole

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Mar 15 2016

Mar 16 2016

Mar 18 2016
Remove legacy label cr-blink

Mar 18 2016
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/d146f1d1b21205841f8982b4fafc87b02b07aa29

commit d146f1d1b21205841f8982b4fafc87b02b07aa29
Author: schenney <schenney@chromium.org>
Date: Fri Mar 18 20:03:13 2016

Fix the check for divide-by-zero in background image tiling

A recent patch changed the width used to find the amount of space when background-repeat is set to space, but did not update the corresponding zero check. This patch fixes it and adds a test for zero sized tiles in background painting.

R=leviw@chromium.org
BUG=595141, 594915

Review URL: https://codereview.chromium.org/1812893002
Cr-Commit-Position: refs/heads/master@{#382058}

[add] https://crrev.com/d146f1d1b21205841f8982b4fafc87b02b07aa29/third_party/WebKit/LayoutTests/fast/backgrounds/background-repeat-space-zero-tile-size-expected.html
[add] https://crrev.com/d146f1d1b21205841f8982b4fafc87b02b07aa29/third_party/WebKit/LayoutTests/fast/backgrounds/background-repeat-space-zero-tile-size.html
[modify] https://crrev.com/d146f1d1b21205841f8982b4fafc87b02b07aa29/third_party/WebKit/Source/core/paint/BackgroundImageGeometry.cpp

Mar 18 2016

Mar 19 2016
ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4609607040761856

Fuzzer: inferno_twister_custom_bundle
Job Type: linux_asan_chrome_media
Platform Id: linux

Crash Type: Floating-point-exception
Crash Address:
Crash State:
  blink::BackgroundImageGeometry::calculate
  blink::LayoutBox::computeBackgroundIsKnownToBeObscured
  blink::LayoutObject::invalidatePaintIfNeeded

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_media&range=380964:381067

Minimized Testcase (0.55 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97Z8FNN1jF7xf_SYfBoJlItUZy05sbizVd67HQrbbHwjw7EhCuPUtDErevZKM2u_4TeGEMpp5Kg8aXXtsgFaa7XI80p9Lvv9jfbYojt9XvujvvwAHTTBkdMoxGUCciDQDZjRmWkQHRsMO-tEqKrzlOYrRM0Hw

Additional requirements: Requires HTTP

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 1 by ligim...@chromium.org, Mar 15 2016
Labels: -Pri-1 ReleaseBlock-Stable Te-Logged M-51 Pri-2
Owner: schenney@chromium.org
Status: Assigned (was: Available)