Integer-overflow in blink::CounterNode::computeCountInParent |
||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=6273942065250304 Fuzzer: miaubiz_svg_fuzzer Job Type: linux_ubsan_chrome Platform Id: linux Crash Type: Integer-overflow Crash Address: Crash State: blink::CounterNode::computeCountInParent blink::CounterNode::recount blink::makeCounterNodeIfNeeded Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=389413:389420 Minimized Testcase (4.32 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94_CNibnFVjF9ckgp4pY223E2fEnm-LC7oLDGMWFNl9m2xEhdwmw016RB5LeB1FlCnyFb1rFvfpg1b_9ibqngCHRKyLH6F4YGBX2RjAg3LvWLOheYWCPGNzPq7bweRMNb2S6flj7mpnWiezCNMavCYZ9l-Qdg?testcase_id=6273942065250304 Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Dec 19 2016
Find it and CL did not provide any possible suspect. Using Code Search for the file, "CounterNode.cpp" assigning to the concer owner. @eae -- Could you please look into the issue, kindly re-assign if this is not related to your changes. Thank You.
,
Feb 21 2017
Non-security int overflows are considered WontFix.
,
Jul 14 2017
ClusterFuzz testcase 6273942065250304 is still reproducing on tip-of-tree build (trunk). If this testcase was not reproducible locally or unworkable, ignore this notification and we will file another bug soon with hopefully a better and workable testcase. Otherwise, if this is not intended to be fixed (e.g. this is an intentional crash), please add ClusterFuzz-Ignore label to prevent future bug filing with similar crash stacktrace. |
||||
►
Sign in to add a comment |
||||
Comment 1 by tkent@chromium.org
, Dec 18 2016