Integer-overflow in daysFrom1970ToYear
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6331930226458624

Fuzzer: inferno_webbot
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address:
Crash State:
  daysFrom1970ToYear
  blink::Document::lastModified
  lastModifiedAttributeGetter

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=370022:370027

Minimized Testcase (0.09 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv977IRu_hFVFyuoRaQWj7y2fGtm811-vbgcDHJ8bWR9dNxeF_3WhlnC0k_Ro01xpLW5y1HiFroaOhX7SMBMcvAkWz8sb4Xst-24KhNjhzl22fvooiiARyIVEmO_XW0pxVahUbgyvZaswFno_CVYaAAPAT-actg?testcase_id=6331930226458624

<script> window.open("http://zone-game.info"); window.location = "http://hanja114.org";</script>

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Dec 8 2016
https://chromium.googlesource.com/chromium/src/+/b68f48701966427c18cbb63e3a15e7dda4fa19a4 is a comment-only change, it didn't modify any code.
Dec 12 2016
@thakis -- Thank You for the update. Unable to find the suspect from find it, CL and Code Search. Could someone please look into the issue and update? Thank You.
Dec 13 2016
Dec 14 2016
ClusterFuzz has detected this issue as fixed in range 435261:438085.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6331930226458624

Fuzzer: inferno_webbot
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address:
Crash State:
  daysFrom1970ToYear
  blink::Document::lastModified
  lastModifiedAttributeGetter

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=370022:370027
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=435261:438085

Minimized Testcase (0.09 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv977IRu_hFVFyuoRaQWj7y2fGtm811-vbgcDHJ8bWR9dNxeF_3WhlnC0k_Ro01xpLW5y1HiFroaOhX7SMBMcvAkWz8sb4Xst-24KhNjhzl22fvooiiARyIVEmO_XW0pxVahUbgyvZaswFno_CVYaAAPAT-actg?testcase_id=6331930226458624

<script> window.open("http://zone-game.info"); window.location = "http://hanja114.org";</script>

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Dec 14 2016
ClusterFuzz testcase 6331930226458624 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Dec 14 2016
I'm guessing that this was not really fixed.
Dec 19 2016
Document::lastModified():

    const AtomicString& httpLastModified =
        documentLoader->response().httpHeaderField(HTTPNames::Last_Modified);
    if (!httpLastModified.isEmpty()) {
      date.setMillisecondsSinceEpochForDateTime(
          convertToLocalTime(parseDate(httpLastModified)));

parseDate() can return NaN, and convertToLocalTime() doesn't support it.
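
The failure mode named in the comment above (a NaN from date parsing reaching year arithmetic) and one way to guard against it, as an added example that is not part of the original thread and is not Chromium's code. The helper names, the 64-bit arithmetic and the +/-8.64e15 ms bound are assumptions made for the illustration.

```cpp
#include <cmath>
#include <cstdio>
#include <limits>

// Simplified stand-ins written for this example; not Blink's DateMath code.
constexpr double kMsPerDay = 86400000.0;
// Assumed accepted range: the ECMAScript time-value limit of +/-8.64e15 ms.
constexpr double kMaxAbsMs = 8.64e15;

// Floor division for a positive divisor (C++ '/' truncates toward zero).
static long long floor_div(long long a, long long b) {
  return a / b - (a % b < 0 ? 1 : 0);
}

// Days from 1970-01-01 to January 1 of `year` (proleptic Gregorian calendar).
// 492, 19 and 4 are the leap-year terms evaluated for 1969. 64-bit arithmetic
// keeps `year - 1` and the products far from overflow.
long long days_from_1970_to_year(long long year) {
  const long long y = year - 1;
  return 365 * (year - 1970) + (floor_div(y, 4) - 492) -
         (floor_div(y, 100) - 19) + (floor_div(y, 400) - 4);
}

// Writes the calendar year (UTC) of a millisecond timestamp to *year_out.
// NaN, infinities and out-of-range values are rejected before any
// floating-point to integer conversion, which would be undefined for them.
bool ms_to_year_checked(double ms, int* year_out) {
  if (!std::isfinite(ms) || std::fabs(ms) > kMaxAbsMs) return false;
  const long long day = static_cast<long long>(std::floor(ms / kMsPerDay));
  long long year = 1970 + static_cast<long long>(std::floor(day / 365.2425));
  // The estimate can be off by one year; correct it against exact day counts.
  if (days_from_1970_to_year(year) > day) --year;
  else if (days_from_1970_to_year(year + 1) <= day) ++year;
  *year_out = static_cast<int>(year);
  return true;
}

int main() {
  // Constructed inputs: a failed parse (NaN), the epoch, and 2017-01-01 UTC.
  const double samples[] = {std::numeric_limits<double>::quiet_NaN(), 0.0,
                            1483228800000.0};
  for (double ms : samples) {
    int year = 0;
    if (ms_to_year_checked(ms, &year)) std::printf("%.0f ms -> year %d\n", ms, year);
    else std::printf("%f ms -> rejected\n", ms);
  }
  return 0;
}
```
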
Mar 8 2017
Comment 1 by msrchandra@chromium.org, Dec 8 2016
Labels: Test-Predator-Wrong-CLs
Owner: thakis@chromium.org
Status: Assigned (was: Untriaged)