Integer-overflow in ratio |
|||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=5822270557913088 Fuzzer: libfuzzer_string_to_int_fuzzer Job Type: libfuzzer_chrome_ubsan Platform Id: linux Crash Type: Integer-overflow Crash Address: Crash State: ratio dmg_fp::strtod base::StringToDouble Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=416034:416198 Minimized Testcase (2.48 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97A0zil3IIGxlwpAVAaeLU4Zu7Atfkm-wBuavcIx2Gd5ZZOZyt4hkcUXVHUC-txEX7-2Jp2ht60HjYAj257gFl3VgTITDEIhSCbjNqFKJIk5LiVJiDnYE5rbdjvKCVZuHEAmyGsy-DH4hU2ZGlVDGESVlWV9w?testcase_id=5822270557913088 Issue manually filed by: mmoroz See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
,
Sep 7 2016
We want to just kill dmg_fp, see bug 593512 among others. We are getting a rapidly-increasing number of fuzzing reports about it. I would support duping everything into one "kill dmg_fp" bug and then actually killing it. Hopefully strtod() is good enough by now.
,
Sep 25 2016
ClusterFuzz has detected this issue as fixed in range 420821:420836. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5822270557913088 Fuzzer: libfuzzer_string_to_int_fuzzer Job Type: libfuzzer_chrome_ubsan Platform Id: linux Crash Type: Integer-overflow Crash Address: Crash State: ratio dmg_fp::strtod base::StringToDouble Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=416034:416198 Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=420821:420836 Minimized Testcase (2.48 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97A0zil3IIGxlwpAVAaeLU4Zu7Atfkm-wBuavcIx2Gd5ZZOZyt4hkcUXVHUC-txEX7-2Jp2ht60HjYAj257gFl3VgTITDEIhSCbjNqFKJIk5LiVJiDnYE5rbdjvKCVZuHEAmyGsy-DH4hU2ZGlVDGESVlWV9w?testcase_id=5822270557913088 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Sep 25 2016
ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Sep 27 2016
This should be fixed by http://crrev.com/2364123002
,
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||
►
Sign in to add a comment |
|||||
Comment 1 by mmoroz@chromium.org
, Sep 7 2016Owner: pkasting@chromium.org