base::IsValueInRangeForNumericType<int>( std::floor(rect.x() * x_scale)) in rect |
|||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=5726565318262784 Fuzzer: inferno_layout_test_unmodified Job Type: linux_debug_content_shell_drt Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: base::IsValueInRangeForNumericType<int>( std::floor(rect.x() * x_scale)) in rect gfx::ScaleToEnclosingRect cc::LayerImpl::PopulateScaledSharedQuadState Sanitizer: address (ASAN) Minimized Testcase (1.23 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95sBkzCj-TcsuBw8ebAlAJ1IuuSxaXEJ6CkgAY6iOkOZoOSoTXLUxnuXHOnDLZbs_LcCCdQW1krnAmbHWhpsuMmldpUH9G3s6CNMJAXBbpkBjAErdXXI7HMlxAxOQUygYxr2cdf9oD7VQeNbHSE_hnhiHuUjiIh7p3sJ622ZQTa96khEW4BE_3VA2igIpz1e62QErgDeeUGUQd5XKXghw-9EJx_HRVN5F4-nROFg6xo6nMF7z3ZeEmDgQ0esO-nDefs0haAWu66cMHES5UXNiUuarAaWQMoPMLkftAJw8s0jZirIzJr0kEulrceIIWbFD6j3Kr-ZKeWWmiHVjFIv6zvE90w0ns5d7PJUa85ZwXex40gicA?testcase_id=5726565318262784 Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Jan 18 2017
As per issue 652604 , assigning to enne@. could you please take a look and help us to find correct owner if it is not related your changes. Thank you.
,
Jan 27 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/0b00ee46de806f080c6780e6434762ea07bba876 commit 0b00ee46de806f080c6780e6434762ea07bba876 Author: enne <enne@chromium.org> Date: Fri Jan 27 20:13:31 2017 cc: Ensure that layer bounds * content scale doesn't overflow Cap maximum content scale based on the layer bounds for all layers, not just masks. BUG= 679035 CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel Review-Url: https://codereview.chromium.org/2647343012 Cr-Commit-Position: refs/heads/master@{#446745} [modify] https://crrev.com/0b00ee46de806f080c6780e6434762ea07bba876/cc/layers/picture_layer_impl.cc [modify] https://crrev.com/0b00ee46de806f080c6780e6434762ea07bba876/cc/layers/picture_layer_impl_unittest.cc
,
Jan 31 2017
ClusterFuzz has detected this issue as fixed in range 446721:447186. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5726565318262784 Fuzzer: inferno_layout_test_unmodified Job Type: linux_debug_content_shell_drt Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: base::IsValueInRangeForNumericType<int>( std::floor(rect.x() * x_scale)) in rect gfx::ScaleToEnclosingRect cc::LayerImpl::PopulateScaledSharedQuadState Sanitizer: address (ASAN) Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=446721:447186 Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95sBkzCj-TcsuBw8ebAlAJ1IuuSxaXEJ6CkgAY6iOkOZoOSoTXLUxnuXHOnDLZbs_LcCCdQW1krnAmbHWhpsuMmldpUH9G3s6CNMJAXBbpkBjAErdXXI7HMlxAxOQUygYxr2cdf9oD7VQeNbHSE_hnhiHuUjiIh7p3sJ622ZQTa96khEW4BE_3VA2igIpz1e62QErgDeeUGUQd5XKXghw-9EJx_HRVN5F4-nROFg6xo6nMF7z3ZeEmDgQ0esO-nDefs0haAWu66cMHES5UXNiUuarAaWQMoPMLkftAJw8s0jZirIzJr0kEulrceIIWbFD6j3Kr-ZKeWWmiHVjFIv6zvE90w0ns5d7PJUa85ZwXex40gicA?testcase_id=5726565318262784 See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Jan 31 2017
ClusterFuzz testcase 5726565318262784 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue. |
|||
►
Sign in to add a comment |
|||
Comment 1 by mummare...@chromium.org
, Jan 7 2017Components: UI>GFX
Labels: Test-Predator-Wrong M-55