
Issue 626994


Issue metadata

Status: Verified
Closed: Jul 2016
OS: All
Pri: 1
Type: Bug




ASSERTION FAILED: !std::isnan(static_cast<double>(value))

Reported by ClusterFuzz (Project Member), Jul 11 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5287112748564480

Fuzzer: inferno_twister_custom_bundle
Job Type: linux_debug_chrome
Platform Id: linux

Crash Type: ASSERT
Crash Address: 
Crash State:
  !std::isnan(static_cast<double>(value))
  int clampTo<int, float>
  blink::LayoutUnit::fromFloatFloor
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_chrome&range=340068:340069

Minimized Testcase (2.04 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94p_ETSti3kH0OTwxGq_Jc3lNX1FmICODNBTSx5DjcH-9HV8440K34HxJqEEjNIRGv25QmbQw4yHWaT-kZ1DImrlKtPgoU2ug0Ej_p90aiBe6VjuLOoBS3b0pOmDSOfdkub1RpbpXxnK1ezv0uE1nyipLiZ_A?testcase_id=5287112748564480

Filer: nyerramilli

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Cc: nyerramilli@chromium.org
Components: Tools>Test>FindIt>WrongResult
Labels: findit-wrong Te-Logged M-52
Owner: alancutter@chromium.org
Status: Assigned (was: Available)
Providing FindIt results for internal purposes:

Suspected CLs: No CL in the regression range changes the crashed files. The result is the blame information.

Author: bokan@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/ba05b7911b6c76eac70ba55263d8929a4962b236
Time: Thu Oct 23 20:05:30 2014
The CL last changed line 283 of file MathExtras.h, which is stack frame 0.

Author: pkasting@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/cc186ed9f09844abb68dcae97604fbdb52344025
Time: Mon Oct 13 20:04:47 2014
The CL last changed line 83 of file LayoutUnit.h, which is stack frame 1.

Author: eae@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/70e39074ac4ebdf18d406fbd56a5ddde4c8e989e
Time: Wed Nov 07 18:33:44 2012
The CL last changed line 214 of file LayoutPoint.h, which is stack frame 2.

Author: eae@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/70e39074ac4ebdf18d406fbd56a5ddde4c8e989e
Time: Wed Nov 07 18:33:44 2012
The CL last changed line 194 of file LayoutRect.cpp, which is stack frame 3.

Author: eae@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/70e39074ac4ebdf18d406fbd56a5ddde4c8e989e
Time: Wed Nov 07 18:33:44 2012
The CL last changed line 790 of file TransformationMatrix.cpp, which is stack frame 4.

Author: hyatt@apple.com
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/da49e01506c8f78eb2edadfdf8934cd4a7ef7f08
Time: Mon Dec 06 20:03:43 2010
The CL last changed line 4394 of file LayoutBox.cpp, which is stack frame 5.

Author: eae@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/b9ba1a545f769d28174b9ab0a330a49275575cdc
Time: Thu Aug 18 06:37:30 2011
The CL last changed line 4368 of file LayoutBox.cpp, which is stack frame 6.

Suspected Project: chromium-blink

Using codesearch, I see some recent changes to 'LayoutBox.cpp' in https://chromium.googlesource.com/chromium/src/+/a46d892723fe86a7f49113c46e3c40c2343724ce

alancutter@, could you please take a look at the issue and assign it to the concerned developer if your changes are not responsible?
Components: -Tools>Test>FindIt>WrongResult Blink>Animation
Summary: ASSERTION FAILED: !std::isnan(static_cast<double>(value)) (was: !std::isnan(static_cast<double>(value)))
Components: -Blink>Animation Blink>CSS
Labels: -OS-Linux OS-All
Turns out this isn't animation-related; smaller test case:
<style>
body {
  motion: path("M 2 9223372036854775640 h 112 v 18446744073709551478") 170141183460469231731687303715884105727rad 44px;
}
</style>
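Added example, not Blink's code and not from this report: a NaN-aware float-to-int clamp modelled on the clampTo<int, float> and LayoutUnit::fromFloatFloor frames in the crash state, showing why the debug assertion exists and what a release build would do without it. The overflow chain that manufactures the NaN is a constructed illustration built from the magnitude of the test case's rotation value, not a claim about the actual Blink code path.

```cpp
#include <cmath>
#include <limits>

// Constructed illustration: arithmetic on a value of the magnitude used in the
// test case's rotation (170141183460469231731687303715884105727rad ~= 2^127)
// overflows float to +inf, and the next operation turns inf into NaN. Not a
// claim about the real Blink path, only the class of failure that reached clampTo.
float nanFromOverflow() {
    float radians = 170141183460469231731687303715884105727.0f;  // ~1.7e38, still finite
    float degrees = radians * (180.0f / 3.14159265f);            // exceeds FLT_MAX -> +inf
    return degrees * 0.0f;                                       // inf * 0 -> NaN
}

// Mirrors the failing check: the report's clampTo<int, float> only asserts on
// NaN in debug builds. Returns true when this input would trip that assertion.
bool wouldTripNanAssert(float value) {
    return std::isnan(static_cast<double>(value));
}

// Comparison-based clamp with the NaN case left to the caller. Both comparisons
// are false for NaN, so without the assertion a NaN reaches static_cast<int>,
// which is undefined behaviour (x86 cvttss2si silently yields INT_MIN).
int clampToIntUnchecked(float value) {
    if (value >= static_cast<float>(std::numeric_limits<int>::max()))
        return std::numeric_limits<int>::max();
    if (value <= static_cast<float>(std::numeric_limits<int>::min()))
        return std::numeric_limits<int>::min();
    return static_cast<int>(value);
}

// Hardened variant: NaN is mapped to an explicit, documented fallback before any
// comparison, so release builds get a defined result instead of UB.
int clampToIntSafe(float value, int nanFallback = 0) {
    if (std::isnan(value))
        return nanFallback;
    return clampToIntUnchecked(value);
}

// Equivalent of the LayoutUnit::fromFloatFloor frame in the report: floor, then
// clamp. std::floor(NaN) is NaN, so the hardened clamp still catches it.
int floorToIntSafe(float value) {
    return clampToIntSafe(std::floor(value));
}
```

The coordinates from the test case (9223372036854775640 and 18446744073709551478) are finite as floats and only saturate; it is the NaN, not the magnitude, that the assertion guards against.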

Comment 4 by ClusterFuzz (Project Member), Jul 12 2016

ClusterFuzz has detected this issue as fixed in range 404631:404810.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5287112748564480

Fuzzer: inferno_twister_custom_bundle
Job Type: linux_debug_chrome
Platform Id: linux

Crash Type: ASSERT
Crash Address: 
Crash State:
  !std::isnan(static_cast<double>(value))
  int clampTo<int, float>
  blink::LayoutUnit::fromFloatFloor
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_chrome&range=340068:340069
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_chrome&range=404631:404810

Minimized Testcase (2.04 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94p_ETSti3kH0OTwxGq_Jc3lNX1FmICODNBTSx5DjcH-9HV8440K34HxJqEEjNIRGv25QmbQw4yHWaT-kZ1DImrlKtPgoU2ug0Ej_p90aiBe6VjuLOoBS3b0pOmDSOfdkub1RpbpXxnK1ezv0uE1nyipLiZ_A?testcase_id=5287112748564480

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 5 by ClusterFuzz (Project Member), Jul 12 2016

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase is verified as fixed, closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 7 by sheriffbot@chromium.org (Project Member), Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
