
Issue 612787

Issue metadata

Status: Fixed
Owner:
Closed: May 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug




ASSERTION FAILED: !std::isnan(static_cast<double>(value))

Project Member Reported by ClusterFuzz, May 18 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4748488696397824

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: ASSERT
Crash Address: 
Crash State:
  ASSERTION FAILED: !std::isnan(static_cast<double>(value))
  float clampTo<float, float>
  blink::AudioParamHandler::setIntrinsicValue
  

Minimized Testcase (0.59 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94fnQvpgUJhI81pVgwPW6zmwoJls_XQ8eEil-kMl6QHN44gO9gpg3rOsCe5hI-v1omwlQ_dS0quJ7Z5rEMpgX5GzURwKj9aWVKblPYgRyA62gjO9rZvF5ItsvX4pLHbfb7Nq_khrideh6bqLf9UbSg7E_ixXA

Filer: ranjitkan

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Cc: ranjitkan@chromium.org
Components: Tools>Test>FindIt>CorrectResult
Labels: -Pri-1 findit-for-crash Te-Logged M-52 Pri-2
Owner: rtoy@chromium.org
Status: Assigned (was: Available)
Author: rtoy
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/71df40e1bab3e8d1bb48f539af9ae9cbb03f9bba
Time: Mon May 16 18:03:05 2016
The CL last changed line 132 of file AudioParam.cpp, which is stack frame 1.

@rtoy: We request that you please take a look at it. Please help us reassign it if it is not related to your change.

Comment 2 by rtoy@chromium.org, May 18 2016

Components: Blink>WebAudio
Status: Started (was: Assigned)
All of the values for curve for setValueCurve are set to NaN.  The spec isn't clear what should happen in this case.  In general, however, the spec says you can't assign NaN to an AudioParam via the setter or any other automation method.

We should probably also ensure that all of the values for setValueCurve are not NaN.
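The NaN path described in the comment above and the up-front check the fix adds, as an added JavaScript model that is not Blink code: `clampTo`, `checkCurveIsFinite` and `AudioParamModel` are hypothetical names, and throwing `TypeError` is an assumption, since the page does not say which exception the fix uses.

```javascript
// Added example: a JavaScript model of the bug and its fix, not code from Blink.
// All names here (clampTo, checkCurveIsFinite, AudioParamModel) are assumed.

// A clamp written as nested min/max, like the clampTo<float> frame in the crash
// stack, passes NaN straight through: every comparison against NaN is false, so
// neither bound ever replaces it. That is what the debug assertion catches.
function clampTo(value, min, max) {
  return Math.min(max, Math.max(min, value));
}

// The check the fix puts in front of the curve: report every index that holds
// NaN or +/-Infinity. An empty result means the curve may be stored.
function checkCurveIsFinite(curve) {
  const bad = [];
  for (let i = 0; i < curve.length; i++) {
    if (!Number.isFinite(curve[i])) bad.push(i);
  }
  return bad;
}

// Stand-in for an AudioParam that applies that check in setValueCurveAtTime.
// The exception type is an assumption; the page does not state which is thrown.
class AudioParamModel {
  constructor(minValue, maxValue) {
    this.minValue = minValue;
    this.maxValue = maxValue;
    this.curve = null; // nothing scheduled yet
  }

  setValueCurveAtTime(values, startTime, duration) {
    const curve = Float32Array.from(values); // NaN and Infinity survive the conversion
    const bad = checkCurveIsFinite(curve);
    if (bad.length > 0) {
      // Reject before anything is stored, so the clamp below never sees NaN.
      throw new TypeError(`setValueCurveAtTime: non-finite curve value at index ${bad[0]}`);
    }
    this.curve = curve;
    return this;
  }

  // Intrinsic value the handler would compute for curve index i, after clamping
  // to the parameter's nominal range. Safe only because the curve was validated.
  intrinsicValueAt(i) {
    return clampTo(this.curve[i], this.minValue, this.maxValue);
  }
}
```

An all-NaN curve, the input the fuzzer produced, is rejected before it is stored, while a finite curve whose values exceed the range is still clamped as before.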
Project Member

Comment 3 by bugdroid1@chromium.org, May 25 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/9e1870e6504d085c7b624ae16f55d03e46dc8ef0

commit 9e1870e6504d085c7b624ae16f55d03e46dc8ef0
Author: rtoy <rtoy@chromium.org>
Date: Wed May 25 23:44:58 2016

Throw exception for non-finite values in setValueCurve

If the curve given to setValueCurveAtTime contains non-finite values,
throw an exception.  All other AudioParam methods including the value
setter or the automation methods do not allow a non-finite value to be
specified.  The same should be true for the curve values given to
setValueCurveAtTime.

BUG= 612787 
TEST=audioparam-setValueCurve-exceptions.html

Review-Url: https://codereview.chromium.org/1995583002
Cr-Commit-Position: refs/heads/master@{#396042}

[modify] https://crrev.com/9e1870e6504d085c7b624ae16f55d03e46dc8ef0/third_party/WebKit/LayoutTests/webaudio/audioparam-setValueCurve-exceptions-expected.txt
[modify] https://crrev.com/9e1870e6504d085c7b624ae16f55d03e46dc8ef0/third_party/WebKit/LayoutTests/webaudio/audioparam-setValueCurve-exceptions.html
[modify] https://crrev.com/9e1870e6504d085c7b624ae16f55d03e46dc8ef0/third_party/WebKit/Source/modules/webaudio/AudioParam.cpp

Project Member

Comment 4 by ClusterFuzz, May 26 2016

ClusterFuzz has detected this issue as fixed in range 396024:396053.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4748488696397824

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: ASSERT
Crash Address: 
Crash State:
  ASSERTION FAILED: !std::isnan(static_cast<double>(value))
  float clampTo<float, float>
  blink::AudioParamHandler::setIntrinsicValue
  
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=396024:396053

Minimized Testcase (0.59 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94fnQvpgUJhI81pVgwPW6zmwoJls_XQ8eEil-kMl6QHN44gO9gpg3rOsCe5hI-v1omwlQ_dS0quJ7Z5rEMpgX5GzURwKj9aWVKblPYgRyA62gjO9rZvF5ItsvX4pLHbfb7Nq_khrideh6bqLf9UbSg7E_ixXA

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 5 by rtoy@chromium.org, May 27 2016

Status: Fixed (was: Started)
c#4 says the issue is fixed.

Closing.
Project Member

Comment 6 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
