New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 645570 link

Starred by 1 user
Status: Duplicate
Merged: issue 640071
Owner:
xidac...@chromium.org
Closed: Sep 2016
Cc:
junov@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug

Blocked on:
issue 640071


Sign in to add a comment

Integer-overflow in blink::IntRect::maxX

Project Member Reported by ClusterFuzz, Sep 9 2016 
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5774431618334720

Fuzzer: inferno_twister
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  blink::IntRect::maxX
  blink::BaseRenderingContext2D::putImageData
  blink::CanvasRenderingContext2DV8Internal::putImageDataMethodCallback
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=407167:409418

Minimized Testcase (0.41 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97smFNmI5_CxgPcJbUVS0Xfl3a00jG_yvBFzZJQedjYV4L5-tl_S95VBR3Rf5d5qvbLV1uWsCDoR3U3xfM7ay20xWWQ2tyAOOAMQNzVMchE96lJrX0-PQdLjFyckkyIMYSVARze1lfsoDghEsqcFXva-CtUXg?testcase_id=5774431618334720

Issue manually filed by: mmohammad

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by mmohammad@chromium.org, Sep 9 2016

Cc: junov@chromium.org
Owner: senorblanco@chromium.org
Status: Assigned (was: Untriaged)
senorblanco @ / junov@ could you please look into this.please feel free to re-assigned back if needed. thanks in advance !

Comment 2 by senorblanco@chromium.org, Sep 13 2016

Cc: -junov@chromium.org
Components: Blink>Canvas
Owner: junov@chromium.org
Justin, this seems to be canvas-related. Could you triage?

Comment 3 by xidac...@chromium.org, Sep 13 2016

Cc: junov@chromium.org
Owner: xidac...@chromium.org

Comment 4 by xidac...@chromium.org, Sep 13 2016

Blockedon: 640071

Comment 5 by xidac...@chromium.org, Sep 13 2016

Blockedon: 640071

Comment 6 by xidac...@chromium.org, Sep 13 2016

Blockedon: -640071
Mergedinto: 640071
Status: Duplicate (was: Assigned)
Project Member

Comment 7 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment