New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 629031 link

Starred by 1 user
Status: WontFix
Owner:
y...@yoav.ws
Last visit > 30 days ago
Closed: Dec 2016
Cc:
brajkumar@chromium.org
style-bugs@google.com
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug



Sign in to add a comment

Integer-overflow in blink::compareAspectRatioValue

Project Member Reported by ClusterFuzz, Jul 18 2016 
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5792937304915968

Fuzzer: inferno_twister
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  blink::compareAspectRatioValue
  blink::aspectRatioMediaFeatureEval
  blink::MediaQueryEvaluator::eval
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=370022:370027

Minimized Testcase (20.84 Kb): https://cluster-fuzz.appspot.com/download/AMIfv943j3g5wCNv4RH8DI-7lA15g0LHCPlxPdHVtCgcHIddmzL9IXmQcw46ZxZCJ02K3nUQsY20LGb6unfF7YveZ9o6NYHFTsOAgsNjWGITp3xmFD6yVA3O8QwW4qTp04SnUdgI5ILcJFpPC3OW319Ctau0Ht_hmNhorlsq-m8W1Gf_dmWoZqA?testcase_id=5792937304915968

Additional requirements: Requires HTTP

Filer: brajkumar

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by brajkumar@chromium.org, Jul 18 2016

Labels: findit-for-crash Te-Logged
Owner: dgozman@chromium.org
Status: Assigned (was: Available)
No CL in the regression range changes the crashed files. The result is the blame information.

Author: dgozman
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/7cb1e690280683811b7ca034d5ac9090927a9398
Time: Thu Jan 14 03:55:39 2016
The CL last changed line 234 of file StyleResolver.cpp, which is stack frame 


Suspected Project: chromium
Suspected Component: Blink>CSS
=======================
dgozman@: Could you please look into this issue if it is related to your change, else please help us in assigning it to the right owner.

Thanks!

Comment 2 by dgozman@chromium.org, Jul 18 2016

Cc: brajkumar@chromium.org
Owner: y...@yoav.ws

Comment 3 by y...@yoav.ws, Jul 19 2016 

I have no permissions to access the test case. Can you past it here? (and should we change this issue to a security sensitive one?)

Comment 4 by dstockwell@chromium.org, Aug 11 2016

Components: Blink>CSS
Labels: -ClusterFuzz -findit-for-crash Clusterfuzz Findit-for-crash
@brajkumar, don't forget to add the suspected component.

Comment 5 by infe...@chromium.org, Oct 11 2016

Labels: Pri-2
Project Member

Comment 6 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 7 by ClusterFuzz, Dec 22 2016

Status: WontFix (was: Assigned)
ClusterFuzz testcase 5792937304915968 is flaky and no longer reproduces, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Sign in to add a comment