Integer-overflow in blink::IntRect::maxY
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5308814091091968

Fuzzer: inferno_twister
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address:
Crash State:
  blink::IntRect::maxY
  normalizeRect
  blink::parseOptions

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=371316:371341

Minimized Testcase (0.25 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv94-fLw7ja9R8qaUsygJ9E8s_pwKxD_ZpOtZ5NELEo6qfECJLIYWu1-PoCxAyc41Srg9b6iuhLpPQ-Ox9tYrHPJrYYNLoTfgdEDqk4u01S1bcyKnM60_rFlLqdZVgF0aaQ-XftkMcA9QaIwzpcXDRmj5VU82RA?testcase_id=5308814091091968

```html
<script>
video = document.createElement("video");
video.addEventListener("canplaythrough", videoLoaded);
video.src = "../../compositing/resources/video.ogv";
function videoLoaded() {
  // sy = 2147483589 with sh = 100: sy + sh is 2147483689, past INT_MAX (2147483647),
  // so computing the rect's bottom edge overflows 32-bit signed arithmetic.
  var p3 = createImageBitmap(video, 50, 2147483589, 100, 100);
}
</script>
```

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
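The crash state names `IntRect::maxY` reached through a rect-normalisation step: with the testcase's source rect (`y = 2147483589`, `height = 100`) a plain `y + height` is signed overflow, which is what UBSan reports. The block below is an added illustration, not Blink's code: it models a rect with the same shape as `blink::IntRect`, shows the overflow check on the testcase values, and contrasts an unchecked `maxY` with a checked one that refuses to produce a wrapped edge. The `normalizeRect` here (flipping a negative width/height and rejecting rects whose far edges cannot be represented) is an assumption about what such a helper does, not a reproduction of the Blink function in the stack.

```cpp
#include <climits>
#include <cstdio>
#include <optional>

// Illustrative rectangle with the same (x, y, width, height) shape as
// blink::IntRect. Assumption: a model for this example, not Blink's class.
struct IntRect {
    int x;
    int y;
    int width;
    int height;
};

// The rect built from the testcase: createImageBitmap(video, 50, 2147483589, 100, 100).
constexpr IntRect kTestcaseRect{50, 2147483589, 100, 100};

// An unchecked maxY() is `y + height` in 32-bit signed arithmetic. For the
// testcase the sum would be 2147483689, 42 past INT_MAX, so the addition is
// signed overflow (undefined behaviour in C++). This helper reports whether
// the addition would overflow instead of performing it.
bool maxYOverflows(const IntRect& r) {
    int unused;
    return __builtin_add_overflow(r.y, r.height, &unused);
}

// Checked maxY(): the bottom edge as a value, or nullopt when it is not
// representable, so callers cannot consume a wrapped-around coordinate.
std::optional<int> checkedMaxY(const IntRect& r) {
    int result;
    if (__builtin_add_overflow(r.y, r.height, &result)) return std::nullopt;
    return result;
}

// Assumed normalisation step (not Blink's code): a source rect with a negative
// width or height is flipped so both are non-negative, and the rect is rejected
// rather than silently wrapped when any edge computation would overflow.
std::optional<IntRect> normalizeRect(IntRect r) {
    if (r.width < 0) {
        if (r.width == INT_MIN) return std::nullopt;  // -INT_MIN is itself overflow
        if (__builtin_add_overflow(r.x, r.width, &r.x)) return std::nullopt;
        r.width = -r.width;
    }
    if (r.height < 0) {
        if (r.height == INT_MIN) return std::nullopt;
        if (__builtin_add_overflow(r.y, r.height, &r.y)) return std::nullopt;
        r.height = -r.height;
    }
    // Both far edges must be representable, otherwise a later maxX()/maxY()
    // would overflow exactly as in the report.
    int edge;
    if (__builtin_add_overflow(r.x, r.width, &edge)) return std::nullopt;
    if (__builtin_add_overflow(r.y, r.height, &edge)) return std::nullopt;
    return r;
}

int main() {
    std::printf("testcase rect overflows maxY: %s\n",
                maxYOverflows(kTestcaseRect) ? "yes" : "no");
    std::printf("normalizeRect accepts testcase rect: %s\n",
                normalizeRect(kTestcaseRect) ? "yes" : "no");
    return 0;
}
```

Running it with `-fsanitize=undefined` is not needed to see the problem, because the checks use `__builtin_add_overflow` (GCC/Clang) and never perform the overflowing addition; the point is that edge computations on caller-supplied rect coordinates need either checked arithmetic or a range check before they are trusted.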
Nov 9 2016
The concern over this issue is not high. So mark it as won't fix.
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by msrchandra@chromium.org, Nov 1 2016
Components: Blink>Image
Labels: findit-wrong
Owner: xidac...@chromium.org
Status: Assigned (was: Untriaged)