Integer-overflow in blink::operator- |
||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=4997000351449088 Fuzzer: inferno_twister Job Type: linux_ubsan_chrome Platform Id: linux Crash Type: Integer-overflow Crash Address: Crash State: blink::operator- blink::PartPainter::paintContents blink::LayoutPart::paintContents Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=410031:410187 Minimized Testcase (0.41 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95Gneb0eZPg-yovcqxbqk0nl657qbc5qxYxmZzRwDQMIT0FyKMl9lKNfQPHHE53XlL3dWWUEI1Wwnu8YRGfcWNhp722phbvtJFeTyHsVWukmUVegRb9iFNZLV58sAGULAIP8AFIi1EXV2oXI5andB1hrF1GlQ?testcase_id=4997000351449088 Additional requirements: Requires HTTP Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Dec 14 2016
The HTML contains some crazy big number. Of course it's going to overflow. |
||
►
Sign in to add a comment |
||
Comment 1 by msrchandra@chromium.org
, Dec 14 2016Labels: Test-Predator-Correct-CLs
Owner: trchen@chromium.org
Status: Assigned (was: Untriaged)