New issue
Advanced search Search tips

Issue 635676 link

Starred by 1 user
Status: Duplicate
Merged: issue 634803
Owner:
bokan@chromium.org
Closed: Aug 2016
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug



Sign in to add a comment

Integer-overflow in blink::operator-

Project Member Reported by ClusterFuzz, Aug 8 2016 
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6678886647857152

Fuzzer: inferno_twister
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  blink::operator-
  blink::FrameView::contentsToFrame
  blink::FrameView::contentsToFrame
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=370022:370027

Minimized Testcase (0.61 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94KR8fcwTAofYusNWRvMK0AU9BrqenwZEDwQjXv4wp0Y6j96ZLyH-oYJwCnKllVpOja_y-u1qW3QKE16FNRQ-2WFsmBm5dpUNS5o3OnNtmURgkTr-bo91Do0Bo1ZqQS_Gopl0ZxgXSesBiK7UPio0nWgZpAXg?testcase_id=6678886647857152

Additional requirements: Requires HTTP

Issue manually filed by: mmohammad

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by mmohammad@chromium.org, Aug 8 2016

Cc: bokan@chromium.org

Comment 2 by bokan@chromium.org, Aug 9 2016

Cc: -bokan@chromium.org
Owner: bokan@chromium.org
Status: Assigned (was: Untriaged)

Comment 3 by bokan@chromium.org, Aug 11 2016

Mergedinto: 634803
Status: Duplicate (was: Assigned)
Project Member

Comment 4 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment