!std::isnan(static_cast<double>(value))
Issue description
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6454210921234432

Fuzzer: mbarbella_js_mutation_layout
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: ASSERT
Crash Address:
Crash State:
  !std::isnan(static_cast<double>(value))
  int clampTo<int, float>
  blink::LayoutUnit::LayoutUnit

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=300995:301031

Minimized Testcase (0.23 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv96G1TqamHL1Dj2ZhBXz0kaeQ4YwBnkVy82kmQKtTELTgCdjbNRwq8YxlknsS589YeMSHRjbyHVG5aYwTl3qZlf-qK8hMMPjeG5EXL_kbcdteaqfZgiyrPiqnJAihx3xrwA8LLrJmgIdblXeKD4lsmhctFqDZg?testcase_id=6454210921234432
<style> .cue { position: absolute; white-space: pre </style>
<span class="cue"> likely will span over several
<style> * { writing-mode: vertical-lr; letter-spacing: 170141183460469231731687303715884105727mm;

Filer: rnimmagadda

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
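An added example (not Blink's code and not part of this report) showing why a letter-spacing of this size can reach the assert in the crash state: converted to px, the value overflows float to +inf, a non-finite intermediate can degrade to NaN, and a clamp helper with the same contract as the clampTo<int, float> in the stack must refuse NaN, while a hardened variant maps it to 0 and saturates +/-inf. The mm-to-px conversion, the inf-minus-inf step and all function names are assumptions for illustration, not the path the report records.

```cpp
#include <cmath>
#include <limits>

// The testcase's letter-spacing, 2^127 - 1 mm, as a float (value taken from the report).
constexpr float kTestcaseLetterSpacingMm = 170141183460469231731687303715884105727.0f;

// CSS absolute lengths: 1in = 96px = 25.4mm. Assumed conversion, not Blink's.
float CssMmToPx(float mm) {
  return mm * (96.0f / 25.4f);  // ~1.7e38 * 3.78 exceeds FLT_MAX, so this is +inf
}

// One way a non-finite intermediate becomes NaN: inf - inf. This step is an
// assumption; the report does not say where the NaN in this crash came from.
float SpanWidthMinusSpacing(float span_width_px, float spacing_px) {
  return span_width_px - spacing_px;
}

// Same contract as the clampTo<int, float> in the crash state: NaN is a caller
// bug. Returning false stands in for the ASSERT so the case is testable.
bool ClampToIntStrict(float value, int* out) {
  if (std::isnan(static_cast<double>(value)))
    return false;  // ASSERT(!std::isnan(static_cast<double>(value))) fires here
  const float kMax = static_cast<float>(std::numeric_limits<int>::max());  // rounds to 2^31
  const float kMin = static_cast<float>(std::numeric_limits<int>::min());
  if (value >= kMax)
    *out = std::numeric_limits<int>::max();
  else if (value <= kMin)
    *out = std::numeric_limits<int>::min();
  else
    *out = static_cast<int>(value);  // now provably in range, so the cast is defined
  return true;
}

// Hardened variant: NaN becomes 0 and +/-inf saturate, so a hostile CSS length
// yields a harmless fixed-point layout unit instead of an assertion failure.
constexpr int kFixedPointDenominator = 64;  // LayoutUnit stores 1/64 px steps
int LayoutUnitFromPx(float px) {
  if (std::isnan(px))
    return 0;
  int raw = 0;
  ClampToIntStrict(px * kFixedPointDenominator, &raw);  // inf * 64 stays inf and saturates
  return raw;
}
```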
Jul 15 2016
Levi is no longer working on Chrome. That change only marked the constructor as explicit; the problem has existed since we added support for subpixel layout. Not a security issue and requires content that we've never seen in the wild. Downgrading priority.
Jul 15 2016
Sep 23 2016
ClusterFuzz has detected this issue as fixed in range 420372:420465.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6454210921234432

Fuzzer: mbarbella_js_mutation_layout
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: ASSERT
Crash Address:
Crash State:
  !std::isnan(static_cast<double>(value))
  int clampTo<int, float>
  blink::LayoutUnit::LayoutUnit

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=300995:301031
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=420372:420465

Minimized Testcase (0.23 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv96G1TqamHL1Dj2ZhBXz0kaeQ4YwBnkVy82kmQKtTELTgCdjbNRwq8YxlknsS589YeMSHRjbyHVG5aYwTl3qZlf-qK8hMMPjeG5EXL_kbcdteaqfZgiyrPiqnJAihx3xrwA8LLrJmgIdblXeKD4lsmhctFqDZg?testcase_id=6454210921234432
<style> .cue { position: absolute; white-space: pre </style>
<span class="cue"> likely will span over several
<style> * { writing-mode: vertical-lr; letter-spacing: 170141183460469231731687303715884105727mm;

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Sep 23 2016
ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by rnimmagadda@chromium.org, Jul 15 2016
Labels: -Type-Bug M-54 findit-for-crash Te-Logged Type-Bug-Regression
Owner: le...@chromium.org
Status: Assigned (was: Available)