Integer-overflow in blink::LayoutBox::foregroundIsKnownToBeOpaqueInRect
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4894551361978368

Fuzzer: inferno_twister
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address:
Crash State:
  blink::LayoutBox::foregroundIsKnownToBeOpaqueInRect
  blink::LayoutBox::computeBackgroundIsKnownToBeObscured
  blink::LayoutObject::boxDecorationBackgroundIsKnownToBeObscured

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=370022:370027

Minimized Testcase (0.24 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv96r9b9498M6mtLFktzhDywSqquDPvH2iMepBBBQbSxIPoHulnuftQ53Ag1dezrWfY-NTqChwhPEsvxv6b43V60t4Fdi9QwbXeQwzuR_KPbVxrJfxxMCUKVvlp4Z_7hTmz7D9C5PY-7KpEKgCb6_3s8IM7Wpiw?testcase_id=4894551361978368
<style> * { snap-height: initial; padding: 89px 1728926974px 26px; background-color: ff0000;</style><style> @keyframes cfpulse0 { 0% { opacity: 0.734; } 100% { opacity: 0.8585; border-break: 10% } } * { animation-name: cfpulse8; direction: rtl;

Additional requirements: Requires HTTP

Filer: mummareddy

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jul 20 2016
Please mark duplicate with 629932 for all integer-overflow bugs.
Jul 20 2016
mummareddy@, sorry, the request in #2 was inaccurate. Please just mark duplicate with bug 629932 if the crash is in operator-() in LayoutUnit.h.
Jul 20 2016
I will check the merged bugs and de-duplicate if needed.
Jul 20 2016
Duplicated all integer-overflow bugs with issue 629932. Thank you.
Jul 20 2016
Already duplicated without seeing your comment. Sorry about that. Thanks for de-duplicating.
Jul 21 2016
Jul 22 2016
ClusterFuzz has detected this issue as fixed in range 406657:406809.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4894551361978368

Fuzzer: inferno_twister
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address:
Crash State:
  blink::LayoutBox::foregroundIsKnownToBeOpaqueInRect
  blink::LayoutBox::computeBackgroundIsKnownToBeObscured
  blink::LayoutObject::boxDecorationBackgroundIsKnownToBeObscured

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=370022:370027
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=406657:406809

Minimized Testcase (0.24 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv96r9b9498M6mtLFktzhDywSqquDPvH2iMepBBBQbSxIPoHulnuftQ53Ag1dezrWfY-NTqChwhPEsvxv6b43V60t4Fdi9QwbXeQwzuR_KPbVxrJfxxMCUKVvlp4Z_7hTmz7D9C5PY-7KpEKgCb6_3s8IM7Wpiw?testcase_id=4894551361978368
<style> * { snap-height: initial; padding: 89px 1728926974px 26px; background-color: ff0000;</style><style> @keyframes cfpulse0 { 0% { opacity: 0.734; } 100% { opacity: 0.8585; border-break: 10% } } * { animation-name: cfpulse8; direction: rtl;

Additional requirements: Requires HTTP

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Oct 18 2016
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by mummare...@chromium.org, Jul 20 2016
Labels: Te-Logged M-52
Owner: wangxianzhu@chromium.org
Status: Assigned (was: Available)