Float-cast-overflow in blink::ScrollbarTheme::thumbPosition
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5631415787192320

Fuzzer: ifratric-browserfuzzer-v3
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Float-cast-overflow
Crash Address:
Crash State:
  blink::ScrollbarTheme::thumbPosition
  thumbPosition
  blink::Scrollbar::offsetDidChange

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=435261:438085

Minimized Testcase (3.45 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94hiVBhD8rCOS2G_V5axNXRxYSOhSG8NCt4NoTTuAtFLOV-Q6pA6dgKuuYhyR5npvFxaEelaHCWUnN-Uvrg25fE3vQGRroNNd-mKYvJmYCG648WGocuUTHx55vTf6onU_9vNWkUW0QT-Kgq3BpimAX-vLleXA?testcase_id=5631415787192320

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
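For readers unfamiliar with the crash type: UBSan's float-cast-overflow check fires when a floating-point value is converted to an integer type that cannot hold it after truncation toward zero, or when the value is NaN. That conversion is undefined behaviour in C++; without the sanitizer it silently yields an unspecified integer (x86 cvttss2si produces the "integer indefinite" value 0x80000000), which is why a thumb-position computation fed extreme offsets or sizes can end up with a nonsense pixel position. The following is an added example written for this page, not the Blink code or the ClusterFuzz testcase from this report. It sketches a hypothetical thumb-position calculation in the shape of a scrollbar theme (scroll offset scaled by the usable track length over the scrollable size), the predicate that states exactly when a cast to int would be reported, and a saturating cast that keeps the result defined. The function and parameter names, the arithmetic, and the inputs that push the value out of int range are all assumptions.

```cpp
// Added illustration of the float-cast-overflow bug class. Not Blink's code:
// the function shapes, names and trigger values below are assumptions.
#include <cmath>
#include <cstdio>
#include <limits>

// A float-to-int conversion is undefined behaviour in C++ when the value,
// truncated toward zero, does not fit the target type, or when it is NaN.
// This predicate states the condition UBSan's float-cast-overflow check
// reports for a cast to int: 2^31 and above, -2^31 - 1 and below, or NaN.
bool intCastWouldOverflow(double v) {
  const double kTooBig = static_cast<double>(std::numeric_limits<int>::max()) + 1.0;
  const double kTooSmall = static_cast<double>(std::numeric_limits<int>::min()) - 1.0;
  return std::isnan(v) || v >= kTooBig || v <= kTooSmall;
}

// Saturating conversion: clamps to the representable range and maps NaN to 0,
// so every input has a defined result.
template <typename Int>
Int saturatingCast(double v) {
  constexpr Int kMin = std::numeric_limits<Int>::min();
  constexpr Int kMax = std::numeric_limits<Int>::max();
  if (std::isnan(v)) return 0;
  // double(kMax) may round up for 64-bit types, so >= is used; for int it is exact.
  if (v >= static_cast<double>(kMax)) return kMax;
  if (v <= static_cast<double>(kMin)) return kMin;
  return static_cast<Int>(v);
}

// Hypothetical thumb-position calculation in the shape of a scrollbar theme:
// the thumb's pixel offset along the track is the scroll offset scaled by the
// usable track length (track minus thumb) over the scrollable size.
// UNSAFE form: the final static_cast is the float-cast-overflow site.
int thumbPositionUnsafe(float scrollOffset, float scrollableSize, int trackLen, int thumbLen) {
  if (scrollableSize == 0.0f) return 0;
  float pos = scrollOffset * (trackLen - thumbLen) / scrollableSize;
  return static_cast<int>(pos);  // UB once pos >= 2^31, pos <= -2^31 - 1, or pos is NaN
}

// Hardened form: same arithmetic carried in double, NaN or non-positive size
// rejected up front, and a saturating cast at the int boundary.
int thumbPositionHardened(float scrollOffset, float scrollableSize, int trackLen, int thumbLen) {
  if (!(scrollableSize > 0.0f)) return 0;  // also rejects NaN
  const double usable = static_cast<double>(trackLen) - thumbLen;
  const double pos = static_cast<double>(scrollOffset) * usable / scrollableSize;
  return saturatingCast<int>(pos);
}

int main() {
  // Constructed inputs (assumed, not from the testcase): a tiny scrollable
  // size with a large offset drives the ratio far past INT_MAX, the kind of
  // state a fuzzed page with extreme dimensions can produce.
  const float offset = 1.0e6f, size = 1.0e-30f;
  std::printf("hardened: %d\n", thumbPositionHardened(offset, size, 1000, 100));
  // Build with: clang++ -fsanitize=float-cast-overflow example.cpp
  // and the call below is reported at runtime; without the sanitizer it
  // returns an unspecified value instead of a position.
  std::printf("unsafe:   %d\n", thumbPositionUnsafe(offset, size, 1000, 100));
  return 0;
}
```

The predicate is what the sanitizer instruments at every float-to-int cast, which is why this bug class surfaces so readily under linux_ubsan_chrome even when, as the comment below says of this instance, the garbage integer has no security consequence; the saturating cast is the usual way to make such a site defined without changing results for in-range values.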
Dec 19 2016
Using Find it results, assigning the issue to the concerned owner. The result is a list of CLs that change the crashed files.

Author: lukasza
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/3d4638361677cd371c0cea2030499a00c5e8ad13
Time: Fri Dec 02 16:53:36 2016

Lines 280-281 of file ScrollableArea.cpp, which potentially caused the crash, are changed in this CL (frame #3, "blink::ScrollableArea::scrollOffsetChanged"). Files LayoutBlockFlow.cpp, PaintLayerScrollableArea.cpp, Scrollbar.cpp are changed in this CL (and are part of stack frame #6, "blink::LayoutBlockFlow::layoutBlock"). Minimum distance from crash line to modified line: 0 (file: ScrollableArea.cpp, crashed on: 280, modified: 280).

@lukasza -- Could you please look into the issue, and kindly re-assign if this is not related to your changes. Thank you.
Dec 19 2016
wangxianzhu@, could you please take a look? I see that you've made some fixes in this area in https://crrev.com/1202583003. FWIW, r435956 (mentioned in #c2) was just a mechanical rename and it shouldn't have affected the product code behavior.
Dec 19 2016
+skobes@ to CC (because I see that you've also made some fixes in this area in https://crrev.com/1601303003).
Dec 21 2016
It has no actual impact. Will ignore all float-cast-overflow bugs.
Dec 22 2016
ClusterFuzz has detected this issue as fixed in range 440242:440280.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5631415787192320

Fuzzer: ifratric-browserfuzzer-v3
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Float-cast-overflow
Crash Address:
Crash State:
  blink::ScrollbarTheme::thumbPosition
  thumbPosition
  blink::Scrollbar::offsetDidChange

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=435261:438085
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=440242:440280

Minimized Testcase (3.45 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94hiVBhD8rCOS2G_V5axNXRxYSOhSG8NCt4NoTTuAtFLOV-Q6pA6dgKuuYhyR5npvFxaEelaHCWUnN-Uvrg25fE3vQGRroNNd-mKYvJmYCG648WGocuUTHx55vTf6onU_9vNWkUW0QT-Kgq3BpimAX-vLleXA?testcase_id=5631415787192320

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 1 by tkent@chromium.org, Dec 18 2016