Issue 676592

Issue metadata

Status: Duplicate
Merged: issue 629063
Owner:
Use other robhogan account instead.
Closed: Jul 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug



Float-cast-overflow in blink::TableLayoutAlgorithmAuto::layout

Project Member Reported by ClusterFuzz, Dec 22 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4966623384698880

Fuzzer: inferno_twister
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Float-cast-overflow
Crash Address: 
Crash State:
  blink::TableLayoutAlgorithmAuto::layout
  blink::LayoutTable::layout
  blink::LayoutBlockFlow::positionAndLayoutOnceIfNeeded
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=368790:368799

Minimized Testcase (0.07 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv94Jw3W2tXQooR-iXAcrqFr169sgKJQLJM4Pe9n17noI89PyOvPnLqozdI47Yu3ROJRqJUmVrtCItyjGLcTXg88U2HI-V2ajLcnssYqYQJ0YO6qMPkZo112bUbllw3ZyN2_VybmO1FVM62_iy0_6eKSf1u0OXw?testcase_id=4966623384698880
<table>
    <td><style>
* { animation-name: cfpulse95; width: calc(11516%);


Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Cc: msten...@opera.com dtapu...@chromium.org
Components: Blink>Layout
Labels: Test-Predator-Wrong M-56
Owner: robhogan@chromium.org
Status: Assigned (was: Untriaged)
As per issue 629063, assigning to robhogan@. Could you please take a look?
Thank you.

Comment 2 by ta...@google.com, Jul 30 2017

Mergedinto: 629063
Status: Duplicate (was: Assigned)
This testcase now crashes with the signature in 629063.