Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

ClusterFuzz has detected this issue as fixed in range 433020:433158.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5048850575523840

Fuzzer: ifratric-browserfuzzer-v3
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  toAlphabetic<unsigned
  toAlphabetic<unsigned
  blink::ListMarkerText::text
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=431480:431542
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=433020:433158

Minimized Testcase (0.22 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv95mE2Hf0v2xeOO5nJWt57-b_pwtth-CEqhbTWB-hjTLwSj0CEWTY8KxYN4rNz3o110rUPuK4Tm8KPn0RoQ8udTX1yQlBwdNjSX4msPqS4_vBfAyniJ32vJpRtAiffVEPHsRYR3RtNit2OEojfkEBaOv74NpXw?testcase_id=5048850575523840
<style>
.class8 { background-position: 0 93%; list-style-type: khmer;</style>
<script>
function jsfuzzer() {
 htmlvar00009.start = 2147483648; 
}
</script>
<body onload=jsfuzzer()>
<ol id="htmlvar00009" class="class8">
<li>


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase is verified as fixed, closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.