Integer-overflow in blink::IntPoint::move |
|||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=5263336596045824 Fuzzer: inferno_twister Job Type: linux_ubsan_chrome Platform Id: linux Crash Type: Integer-overflow Crash Address: Crash State: blink::IntPoint::move blink::FrameView::convertFromContainingWidget blink::Widget::convertFromRootFrame Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=370022:370027 Minimized Testcase (0.27 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv95Ur19ZRsZdF1aUa8YtjkIeN76zHimBd1aejDZ0nv5RzWMtKc_JyIBg9EeTDKwCmmGkUL5p9PTcwNAm-kAYLcznV-d2kT-Nu1pwlzRUE2VDIOLz5R8lWb1yG9FTqdcOap4qIpMoaei_2g50PNSP3IJUIcwS3g?testcase_id=5263336596045824 LhNhd C <script> document.body.appendChild(document.createElement('iframe')); </script> <style> @keyframes cfpulse1 { 0% { opacity: 0.0003;goldenrod); } 100% { opacity: 0.8975; } } * { animation-name: cfpulse72; motion: path("M 6 -2299370210 h 84 v 41") 55807rad 24px; Issue manually filed by: mummareddy See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Aug 4 2016
This integer overflow is not harmful.
,
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Dec 14 2016
ClusterFuzz has detected this issue as fixed in range 435261:438085. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5263336596045824 Fuzzer: inferno_twister Job Type: linux_ubsan_chrome Platform Id: linux Crash Type: Integer-overflow Crash Address: Crash State: blink::IntPoint::move blink::FrameView::convertFromContainingWidget blink::Widget::convertFromRootFrame Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=370022:370027 Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=435261:438085 Minimized Testcase (0.27 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv95Ur19ZRsZdF1aUa8YtjkIeN76zHimBd1aejDZ0nv5RzWMtKc_JyIBg9EeTDKwCmmGkUL5p9PTcwNAm-kAYLcznV-d2kT-Nu1pwlzRUE2VDIOLz5R8lWb1yG9FTqdcOap4qIpMoaei_2g50PNSP3IJUIcwS3g?testcase_id=5263336596045824 LhNhd C <script> document.body.appendChild(document.createElement('iframe')); </script> <style> @keyframes cfpulse1 { 0% { opacity: 0.0003;goldenrod); } 100% { opacity: 0.8975; } } * { animation-name: cfpulse72; motion: path("M 6 -2299370210 h 84 v 41") 55807rad 24px; See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page. |
|||
►
Sign in to add a comment |
|||
Comment 1 by mummare...@chromium.org
, Aug 4 2016Owner: wangxianzhu@chromium.org
Status: Assigned (was: Untriaged)