Issue 640071 link

Starred by 4 users

Issue metadata

Status:	WontFix
Owner:	e...@chromium.org
Closed:	Oct 2016
Cc:	█ wkorman@chromium.org vmp...@chromium.org
Components:	Blink>Layout Blink>Paint
EstimatedDays:	----
NextAction:	----
OS:	Linux
Pri:	2
Type:	Bug
ClusterFuzz-Verified

Blocking:
issue 634511
issue 645570

Switch IntRect/IntPoint/IntSize to use saturated arithmetic

Project Member Reported by pdr@chromium.org, Aug 23 2016

Issue description

Overflowing IntRect has been a frequent source of crashes, frequently related to security (634511, 635799, others). We should switch IntRect, IntSize, and IntPoint to use saturated arithmetic.

Comment 1 by pdr@chromium.org, Aug 23 2016

Blocking: 634511

Comment 2 by pdr@chromium.org, Aug 23 2016

Labels: -Pri-2 Pri-1

Comment 3 by e...@chromium.org, Aug 23 2016

 Issue 638419  has been merged into this issue.

Comment 4 by e...@chromium.org, Aug 23 2016

Cc: e...@chromium.org

Comment 5 by e...@chromium.org, Aug 24 2016

Cc: -e...@chromium.org
Owner: e...@chromium.org
Status: Assigned (was: Available)

Comment 6 by xidac...@chromium.org, Sep 13 2016

Blocking: 645570

Comment 7 by xidac...@chromium.org, Sep 13 2016

Blocking: -645570

Comment 8 by xidac...@chromium.org, Sep 13 2016

Blocking: 645570

 Issue 645570  has been merged into this issue.

Comment 9 by qin...@chromium.org, Sep 19 2016

 Issue 648220  has been merged into this issue.

Comment 10 by e...@chromium.org, Sep 21 2016

Labels: -Pri-1 Pri-2
Status: Available (was: Assigned)

Comment 11 by e...@chromium.org, Sep 25 2016

 Issue 649227  has been merged into this issue.

Project Member

Comment 12 by ClusterFuzz, Oct 6 2016

Labels: ClusterFuzz-Verified
Status: Verified (was: Available)

ClusterFuzz testcase is verified as fixed, closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Comment 13 by pdr@chromium.org, Oct 10 2016

Cc: wkorman@chromium.org
Status: Assigned (was: Verified)

Not yet fixed, but soon!

Comment 14 by e...@chromium.org, Oct 20 2016

Status: WontFix (was: Assigned)

Comment 15 by skobes@chromium.org, Oct 31 2016

 Issue 658811  has been merged into this issue.

Comment 16 by skobes@chromium.org, Nov 13 2016

 Issue 634791  has been merged into this issue.

Issue 640071 link

Issue metadata

Switch IntRect/IntPoint/IntSize to use saturated arithmetic

Issue description

Comment 1 by pdr@chromium.org, Aug 23 2016

Comment 1 Deleted

Comment 2 by pdr@chromium.org, Aug 23 2016

Comment 2 Deleted

Comment 3 by e...@chromium.org, Aug 23 2016

Comment 3 Deleted

Comment 4 by e...@chromium.org, Aug 23 2016

Comment 4 Deleted

Comment 5 by e...@chromium.org, Aug 24 2016

Comment 5 Deleted

Comment 6 by xidac...@chromium.org, Sep 13 2016

Comment 6 Deleted

Comment 7 by xidac...@chromium.org, Sep 13 2016

Comment 7 Deleted

Comment 8 by xidac...@chromium.org, Sep 13 2016

Comment 8 Deleted

Comment 9 by qin...@chromium.org, Sep 19 2016

Comment 9 Deleted

Comment 10 by e...@chromium.org, Sep 21 2016

Comment 10 Deleted

Comment 11 by e...@chromium.org, Sep 25 2016

Comment 11 Deleted

Comment 12 by ClusterFuzz, Oct 6 2016

Comment 12 Deleted

Comment 13 by pdr@chromium.org, Oct 10 2016

Comment 13 Deleted

Comment 14 by e...@chromium.org, Oct 20 2016

Comment 14 Deleted

Comment 15 by skobes@chromium.org, Oct 31 2016

Comment 15 Deleted

Comment 16 by skobes@chromium.org, Nov 13 2016

Comment 16 Deleted

Comment 17 by ClusterFuzz, Mar 16 2017

Comment 17 Deleted

Sign in to add a comment