Issue metadata
Sign in to add a comment
|
Integer-overflow in position_cluster |
||||||||||||||||||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=4531342836760576 Fuzzer: inferno_twister Job Type: linux_ubsan_chrome Platform Id: linux Crash Type: Integer-overflow Crash Address: Crash State: position_cluster _hb_ot_shape_fallback_position hb_ot_shape_internal Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=370022:370027 Minimized Testcase (0.16 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv978-uAaiPxp4PZ2P3pxvAGABJLtrZ7MVuvRDl_tLdrPbNm5fqMXDoofVl_h3UXUmdDc6fZ48oyx3q-L2zLl_NaYdNCVId9pwRGHsLn3QgVTHY1XhKu1wAcOL4g4SjamHVkTMX4ArvUxom4zyur9G5PdXyhPHA?testcase_id=4531342836760576 <h2 id=tCF3>z:ᷤX3FG=G%`킆<style> .c17 { box-decoration-break: slice; font-size: 43234ex;</style><script> tCF3.setAttribute("class", "c17"); </script> Issue manually filed by: ranjitkan See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Aug 7 2016
behdad@, could you take a look?
,
Aug 25 2016
ClusterFuzz has detected this issue as fixed in range 413791:414128. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4531342836760576 Fuzzer: inferno_twister Job Type: linux_ubsan_chrome Platform Id: linux Crash Type: Integer-overflow Crash Address: Crash State: position_cluster _hb_ot_shape_fallback_position hb_ot_shape_internal Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=370022:370027 Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=413791:414128 Minimized Testcase (0.16 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv978-uAaiPxp4PZ2P3pxvAGABJLtrZ7MVuvRDl_tLdrPbNm5fqMXDoofVl_h3UXUmdDc6fZ48oyx3q-L2zLl_NaYdNCVId9pwRGHsLn3QgVTHY1XhKu1wAcOL4g4SjamHVkTMX4ArvUxom4zyur9G5PdXyhPHA?testcase_id=4531342836760576 <h2 id=tCF3>z:ᷤX3FG=G%`킆<style> .c17 { box-decoration-break: slice; font-size: 43234ex;</style><script> tCF3.setAttribute("class", "c17"); </script> See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Aug 25 2016
ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||
Comment 1 by ranjitkan@chromium.org
, Aug 5 2016Components: Tools>Test>FindIt>CorrectResult
Labels: -Pri-1 -Type-Bug M-54 Findit-for-crash Te-Logged Pri-2 Type-Bug-Regression
Owner: bashi@chromium.org
Status: Assigned (was: Untriaged)