Issue 635418
Issue metadata

Status: Duplicate
Merged: issue 637044
Owner:
Closed: Aug 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug


Undefined-shift in double WTF::toDoubleType<unsigned char,

Reported by ClusterFuzz (Project Member), Aug 8 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5547181018972160

Fuzzer: inferno_twister
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Undefined-shift
Crash Address: 
Crash State:
  double WTF::toDoubleType<unsigned char,
  blink::MediaControlVolumeSliderElement::setVolume
  blink::MediaControls::updateVolume
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=370022:370027

Minimized Testcase (0.26 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv96BPPLZ1FGPd2ZR_QBrCYKl3RQp1mF1z8ViToStDM0vpZXsAvmodiILs2itRCJJRURNlTgsC_WhYs8YQxbQ_c-H78DUB8-w4cbLHkBR82N6b-jOQ2O_yvnGyzEJRVItsibVUlSwX2MwGEcLQfRrGLVQPh2SGA?testcase_id=5547181018972160
<script src=../resources/testharness.js></script>
<script src=media-file.js></script>
<video><script>
async_test(function(t) {
    var video = document.querySelector("video");
    video.volume = Number.MIN_VALUE;
    video.src = findMediaFile("video");
});
</script>


Issue manually filed by: ajha

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 

Comment 1 by ajha@chromium.org, Aug 8 2016

Cc: -ajha@google.com ajha@chromium.org
Components: Blink>Internals>WTF
Labels: Te-Logged M-53
Owner: esprehn@chromium.org
Status: Assigned (was: Untriaged)
Find it result:
===============
Suspected CLs: No CL in the regression range changes the crashed files. The result is the blame information.

Author: commit-queue@webkit.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/663104998a680d18be9af4f2fc8c42975924daa4
Time: Fri Sep 02 22:09:34 2011
The CL last changed line 271 of file strtod.cc, which is stack frame 0.

Author: commit-queue@webkit.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/663104998a680d18be9af4f2fc8c42975924daa4
Time: Fri Sep 02 22:09:34 2011
The CL last changed line 437 of file strtod.cc, which is stack frame 1.

Author: commit-queue@webkit.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/663104998a680d18be9af4f2fc8c42975924daa4
Time: Fri Sep 02 22:09:34 2011
The CL last changed line 596 of file double-conversion.cc, which is stack frame 2.

Author: darin@apple.com
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/f5f3eda2db7e790c6307747cabbe2552c533fa59
Time: Fri Apr 06 17:31:54 2012
The CL last changed line 48 of file dtoa.h, which is stack frame 3.

Author: esprehn
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/7dc7c0fc073b84f3050726b52ceec1bbcb304ba3
Time: Fri Jun 10 04:35:59 2016
The CL last changed line 217 of file StringToNumber.cpp, which is stack frame 4.

Author: esprehn
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/7dc7c0fc073b84f3050726b52ceec1bbcb304ba3
Time: Fri Jun 10 04:35:59 2016
The CL last changed line 233 of file StringToNumber.cpp, which is stack frame 5.

Author: philipj@opera.com
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/06aeacf373d108410abfb23c30d90b6c45337ae0
Time: Thu Mar 06 04:22:08 2014
The CL last changed line 695 of file MediaControlElements.cpp, which is stack frame 6.

Suspected Project: chromium

esprehn@[chromium//src/third_party/WebKit/Source/wtf/OWNERS]: Could you please take a look and help in investigating this further, as none of the changes from the code search and the Find it result above look related.

Appreciate your help! 


Mergedinto: 637044
Status: Duplicate (was: Assigned)

Comment 3 by sheriffbot@chromium.org (Project Member), Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
