
Issue 660648

Issue metadata

Status: WontFix
Owner:
Closed: Nov 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug




Integer-overflow in blink::IntRect::maxY

Project Member Reported by ClusterFuzz, Oct 29 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5308814091091968

Fuzzer: inferno_twister
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  blink::IntRect::maxY
  normalizeRect
  blink::parseOptions
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=371316:371341

Minimized Testcase (0.25 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv94-fLw7ja9R8qaUsygJ9E8s_pwKxD_ZpOtZ5NELEo6qfECJLIYWu1-PoCxAyc41Srg9b6iuhLpPQ-Ox9tYrHPJrYYNLoTfgdEDqk4u01S1bcyKnM60_rFlLqdZVgF0aaQ-XftkMcA9QaIwzpcXDRmj5VU82RA?testcase_id=5308814091091968
<script>
video = document.createElement("video");
video.addEventListener("canplaythrough", videoLoaded);
video.src = "../../compositing/resources/video.ogv";
function videoLoaded() {
    // sy = 2147483589 with sh = 100: sy + sh exceeds INT_MAX, which is the
    // y + height addition flagged in blink::IntRect::maxY
    var p3 = createImageBitmap(video, 50, 2147483589, 100, 100);
}
</script>


Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
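As an added illustration (not Blink's IntRect or normalizeRect code, and not part of the ClusterFuzz report), the following C++ shows the arithmetic behind the crash state: maxY is y + height, and for the testcase's arguments (sy = 2147483589, sh = 100) that sum exceeds INT_MAX, which is a signed overflow and therefore what the UBSan build flagged. A checked normalisation, modelled loosely on how createImageBitmap treats a negative sw or sh (the origin is moved to sx + sw / sy + sh and the size made positive), rejects such a rectangle instead of overflowing. `IntRectLike`, `checkedAdd`, `checkedMaxY` and `normalizeRectChecked` are hypothetical names introduced here.

```cpp
// Added example, not Blink's IntRect or normalizeRect code. Demonstrates the
// y + height overflow from the report and an overflow-safe alternative.
#include <cstdint>
#include <cstdio>
#include <limits>

// Hypothetical stand-in for blink::IntRect (x, y, width, height as int).
struct IntRectLike {
    int x;
    int y;
    int width;
    int height;
};

// Adds two ints in 64-bit and reports whether the result fits in int.
// Signed overflow is undefined behaviour in C++ (what the UBSan job in the
// report detects), so the sum is never formed in 32 bits.
bool checkedAdd(int a, int b, int* out) {
    const int64_t sum = static_cast<int64_t>(a) + static_cast<int64_t>(b);
    if (sum > std::numeric_limits<int>::max() ||
        sum < std::numeric_limits<int>::min()) {
        return false;
    }
    *out = static_cast<int>(sum);
    return true;
}

// Overflow-checked equivalent of IntRect::maxY (y + height).
bool checkedMaxY(const IntRectLike& r, int* out) {
    return checkedAdd(r.y, r.height, out);
}

// Normalises a source rectangle the way createImageBitmap treats its
// (sx, sy, sw, sh) arguments: a negative sw or sh flips the origin to
// sx + sw / sy + sh and makes the size positive. Every addition is checked,
// so a rectangle whose far edge does not fit in int is rejected instead of
// wrapping. Returns false on overflow, true with *out filled otherwise.
bool normalizeRectChecked(int sx, int sy, int sw, int sh, IntRectLike* out) {
    int x = sx, y = sy, w = sw, h = sh;
    if (w < 0) {
        if (w == std::numeric_limits<int>::min()) return false;  // -w would overflow
        if (!checkedAdd(x, w, &x)) return false;
        w = -w;
    }
    if (h < 0) {
        if (h == std::numeric_limits<int>::min()) return false;  // -h would overflow
        if (!checkedAdd(y, h, &y)) return false;
        h = -h;
    }
    IntRectLike r{x, y, w, h};
    int edge;
    // The far edges are what IntRect::maxX / maxY compute; reject if either overflows.
    if (!checkedAdd(r.x, r.width, &edge)) return false;
    if (!checkedMaxY(r, &edge)) return false;
    *out = r;
    return true;
}

int main() {
    IntRectLike r;
    // Arguments from the minimized testcase: y + height = 2147483689 > INT_MAX.
    if (!normalizeRectChecked(50, 2147483589, 100, 100, &r)) {
        std::puts("testcase rectangle rejected: maxY would overflow int");
    }
    // A negative width/height is flipped rather than rejected.
    if (normalizeRectChecked(50, 60, -20, -30, &r)) {
        std::printf("normalised: x=%d y=%d w=%d h=%d\n", r.x, r.y, r.width, r.height);
    }
    return 0;
}
```

The point of the 64-bit intermediate is that the comparison against the int limits happens before any narrowing, so no step of the check itself can trigger the same undefined behaviour it is guarding against.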
Cc: msrchandra@chromium.org
Components: Blink>Image
Labels: findit-wrong
Owner: xidac...@chromium.org
Status: Assigned (was: Untriaged)
Unable to find the culprit using Findit.
From the regressed CL range, providing the issue to the concerned owner:
https://chromium.googlesource.com/chromium/src/+log/d92276bd267ec72a0aa1d661be7c47c6d3c82e7d..209cd7deba6500a0dc82ffbd48bc9522cdf9c1b2?pretty=fuller

Suspected Commit: aa3e16a6a6cdec7d99a1741ebad75618909ccca7
Suspected Review URL: https://codereview.chromium.org/1636633002

@xidachen -- Could you please look into the issue? Pardon me if it has nothing to do with your changes; if possible, assign it to the appropriate owner.
Thank You.
Status: WontFix (was: Assigned)
The concern over this issue is not high, so marking it as won't fix.
Comment 3 by sheriffbot@chromium.org (Project Member), Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
