Issue metadata
Sign in to add a comment
|
Integer-overflow in blink::operator- |
||||||||||||||||||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=6678886647857152 Fuzzer: inferno_twister Job Type: linux_ubsan_chrome Platform Id: linux Crash Type: Integer-overflow Crash Address: Crash State: blink::operator- blink::FrameView::contentsToFrame blink::FrameView::contentsToFrame Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=370022:370027 Minimized Testcase (0.61 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94KR8fcwTAofYusNWRvMK0AU9BrqenwZEDwQjXv4wp0Y6j96ZLyH-oYJwCnKllVpOja_y-u1qW3QKE16FNRQ-2WFsmBm5dpUNS5o3OnNtmURgkTr-bo91Do0Bo1ZqQS_Gopl0ZxgXSesBiK7UPio0nWgZpAXg?testcase_id=6678886647857152 Additional requirements: Requires HTTP Issue manually filed by: mmohammad See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Aug 9 2016
,
Aug 11 2016
,
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||
Comment 1 by mmohammad@chromium.org
, Aug 8 2016