New issue
Advanced search Search tips

Issue 629733 link

Starred by 1 user
Status: WontFix
Owner:
schenney@chromium.org
Closed: Dec 2016
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug



Sign in to add a comment

Integer-overflow in blink::operator-

Project Member Reported by ClusterFuzz, Jul 20 2016 
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6422464771129344

Fuzzer: inferno_twister
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  blink::operator-
  blink::enclosingIntRect
  blink::TransformationMatrix::mapRect
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=370022:370027

Minimized Testcase (0.12 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv94nB6tooTBfl6HRQADUO91ISR1jd8n6sBevNTXX-08K2XcAGatZAiO6MKgrCSTQoYoChXT_7hl5Pb2IfJzZLG4lhAsDFT3roZyxsHicLP-2urpVbHOawWYrgsv5KWfl55UCyfT-GejFA_Rs4W9IriXhNqTl6w?testcase_id=6422464771129344
<embed src=simple_blank.swf>
<style>
* { animation-name: cfpulse96; transform: translate(74px, 5px) scale(97.4309864121);


Additional requirements: Requires HTTP

Filer: brajkumar

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by brajkumar@chromium.org, Jul 20 2016

Labels: findit-for-crash Te-Logged
Owner: chrishtr@chromium.org
Status: Assigned (was: Available)
No CL in the regression range changes the crashed files. The result is the blame information.

Author: chrishtr
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/05953c442a6d3a9dd96bc4bb36c27f0dec5ef008
Time: Sat Jun 25 00:10:26 2016
The CL last changed line 2063 of file LayoutBox.cpp, which is stack frame 3.

Suspected Project: chromium
=============================
chrishtr@: Could you please look into this issue if it is related to your change, else please help us in assigning it to the right owner.

Thanks!

Comment 2 by chrishtr@chromium.org, Aug 11 2016

Labels: -ClusterFuzz -findit-for-crash Clusterfuzz Findit-for-crash
Owner: schenney@chromium.org

Comment 3 by infe...@chromium.org, Oct 11 2016

Labels: Pri-2
Project Member

Comment 4 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 5 by ClusterFuzz, Dec 22 2016

Status: WontFix (was: Assigned)
ClusterFuzz testcase 6422464771129344 is flaky and no longer reproduces, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Sign in to add a comment