Floating-point-exception in blink::LayoutMultiColumnSet::pageRemainingLogicalHeightForOffset
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5056434472747008

Fuzzer: bj_broddelwerk
Job Type: linux_asan_chrome_v8_arm
Platform Id: linux

Crash Type: Floating-point-exception
Crash Address:
Crash State:
  blink::LayoutMultiColumnSet::pageRemainingLogicalHeightForOffset
  blink::LayoutFlowThread::pageRemainingLogicalHeightForOffset
  blink::LayoutBox::pageRemainingLogicalHeightForOffset

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_v8_arm&range=435881:435933

Minimized Testcase (0.36 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97lAe4RC-AKpkVj2coDL6Bzou8sS6b93V7ArfnIFWBNk9zx-tP3usT-Dp5aGTDKxHtGTjIbPrY7C_qFeListPZkBLsR4jl9DntMVhcWjGCgCm6dBAFq75GLBYi-mVdoqW0mMjzfDcXM3gugPY6aTnIueMLdDQ?testcase_id=5056434472747008

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Dec 3 2016
Author: mstensho
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/506506eac78a8106c4e92866a59b8c724ddc8b88
Time: Fri Dec 02 11:50:25 2016

Lines 1620-1628, 2091-2095 of file LayoutBlockFlow.cpp which potentially caused crash are changed in this cl (frame #4, "blink::LayoutBlockFlow::adjustedMarginBeforeForPagination"; frame #5, "blink::LayoutBlockFlow::estimateLogicalTopPosition").
Minimum distance from crash line to modified line: 0. (file: LayoutBlockFlow.cpp, crashed on: 2091, modified: 2091).
Dec 5 2016
Dec 5 2016
Dec 8 2016
ClusterFuzz has detected this issue as fixed in range 436997:437094.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5056434472747008

Fuzzer: bj_broddelwerk
Job Type: linux_asan_chrome_v8_arm
Platform Id: linux

Crash Type: Floating-point-exception
Crash Address:
Crash State:
  blink::LayoutMultiColumnSet::pageRemainingLogicalHeightForOffset
  blink::LayoutFlowThread::pageRemainingLogicalHeightForOffset
  blink::LayoutBox::pageRemainingLogicalHeightForOffset

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_v8_arm&range=435881:435933
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_v8_arm&range=436997:437094

Minimized Testcase (0.36 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97lAe4RC-AKpkVj2coDL6Bzou8sS6b93V7ArfnIFWBNk9zx-tP3usT-Dp5aGTDKxHtGTjIbPrY7C_qFeListPZkBLsR4jl9DntMVhcWjGCgCm6dBAFq75GLBYi-mVdoqW0mMjzfDcXM3gugPY6aTnIueMLdDQ?testcase_id=5056434472747008

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 1 by ajha@chromium.org, Dec 3 2016
Labels: M-57