Integer-overflow in blink::IntRect::inflateX |
||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=4747045435080704 Fuzzer: inferno_twister Job Type: linux_ubsan_chrome Platform Id: linux Crash Type: Integer-overflow Crash Address: Crash State: blink::IntRect::inflateX blink::ObjectPainter::paintOutline blink::InlinePainter::paint Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=370022:370027 Minimized Testcase (0.52 Kb): https://cluster-fuzz.appspot.com/download/AMIfv954yHUbn7lHTBBmHpA_-Sgs3DAl4Sk5v8iar7A0m7H5IX8zdpQoAtAXqre9bQ1OCed6DDZyKbAcevlY-qzWV5VhDJB-hW-AWKt-I00ByEmwBO_P6EK05WO-sAAUo1GOd7Of6KmB54EGRyqE9Akc38IayLAZug?testcase_id=4747045435080704 Issue manually filed by: kavvaru See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Sep 27 2016
,
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Dec 14 2016
Issue 666058 has been merged into this issue. |
||||
►
Sign in to add a comment |
||||
Comment 1 by kavvaru@chromium.org
, Sep 27 2016Labels: M-54 Findit-for-crash Te-Logged
Owner: wangxianzhu@chromium.org
Status: Assigned (was: Untriaged)