Issue metadata
Sign in to add a comment
|
Integer-overflow in int WTF::toIntegralType<int, unsigned char> |
||||||||||||||||||||||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=6441203403063296 Fuzzer: inferno_twister Job Type: linux_ubsan_chrome Platform Id: linux Crash Type: Integer-overflow Crash Address: Crash State: int WTF::toIntegralType<int, unsigned char> blink::CSSSelectorParser::consumeANPlusB blink::CSSSelectorParser::consumePseudo Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=370022:370027 Minimized Testcase (0.12 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv9776UMEPX7USTJhwXjly56i5zxkCAuFLmBoGl5zx2GQK_1YXJmz5GsPsyxC74XfUgSFlyTmjrqT_7jTi4Yxfqq_69LleKnjG0O0dA5Q62cCdDLVjqfpJJWXVagIrP1JmeTedPTYZ9IWYXiB4Dx-a6ZiUUFAQw?testcase_id=6441203403063296 <style>no count <= 1 can match anything */ li:nth-last-child(2147483647) { } li:nth-last-child(-2147483648n-2147483648) { Additional requirements: Requires HTTP Filer: mummareddy See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Jul 20 2016
,
Jul 20 2016
,
Jul 21 2016
,
Oct 18 2016
,
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||
Comment 1 by mummare...@chromium.org
, Jul 20 2016Labels: Te-Logged M-52
Owner: yutak@chromium.org