Integer-overflow in blink::IntRect::maxX
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6748668272312320
Fuzzer: ifratric-browserfuzzer-v3
Job Type: linux_ubsan_chrome
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  blink::IntRect::maxX
  blink::IntRect::intersects
  blink::WebPluginContainerImpl::paint
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=419707:419720
Minimized Testcase (0.21 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95CtK0vqCP5SLDzNGIj1M_0cL4QxH887fzLtmAk1UMv_v1aJyvztOjJ-cdeLKA-6ckvREb-CGpzUkmmDh8ttgGq6Uhns-lFOFFL6VhVulUvT7uXLOyANcEq3YKENCmd-R6_XqzlpD6Au2zQeT2tO8G6Lem1PQ?testcase_id=6748668272312320

Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Nov 18 2016

Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Dec 14 2016
Using Code Search for the file "IntRect.cpp", assigning to the concerned owner. Suspecting the commit https://chromium.googlesource.com/chromium/src/+/7d87acb1c709a75cc6859bd75960744ee612d7bf. @wangxianzhu -- Could you please look into the issue, and kindly re-assign if this is not related to your changes. Thank you.
Dec 14 2016
Currently we don't fix integer overflow in all IntRect operations.
Comment 1 by msrchandra@chromium.org, Nov 17 2016
Labels: Needs-triage