New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 684255 link

Starred by 1 user
Status: WontFix
Owner: ----
Closed: Feb 2017
Cc:
msrchandra@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug



Sign in to add a comment

availableLogicalWidth >= 0 in LayoutBox.cpp

Project Member Reported by ClusterFuzz, Jan 24 2017

Comment 1 by msrchandra@chromium.org, Jan 24 2017

Cc: msrchandra@chromium.org
Components: Blink>Layout
Labels: Test-Predator-Wrong
Owner: chrishtr@chromium.org
Status: Assigned (was: Untriaged)
Find it and CL did not provide any possible suspects.
Using Code Search for the file, "LayoutBox.cpp" assigning to the concern owner.
Suspecting Commit# https://chromium.googlesource.com/chromium/src/+/aa907828b27ae82aeb95be2f86d35d03cc67dc54

@chrishtr -- Could you please look into the issue, kindly re-assign if this is not related to your changes.
Thank You.

Comment 2 by chrishtr@chromium.org, Jan 24 2017

Owner: e...@chromium.org

Comment 3 by e...@chromium.org, Feb 10 2017

Owner: ----
Status: WontFix (was: Assigned)
Int overflow, not a security issue -> WontFix.
Project Member

Comment 4 by ClusterFuzz, Mar 1 2017 

ClusterFuzz has detected this issue as fixed in range 452556:452596.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6687868400697344

Fuzzer: inferno_twister
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  availableLogicalWidth >= 0 in LayoutBox.cpp
  blink::LayoutBox::fillAvailableMeasure
  blink::LayoutBox::fillAvailableMeasure
  
Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=352857:352959
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=452556:452596

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95j-dO4b7gbnZERxNOlSNuFSNRDZ_WwCEK8-MwmBl0smNbj49iL7kDvsaeBXM1CWN8OBA2WB6kAM4VlBxbg4UAYMkyATqux6YT1baxHDeHDL8o0JePYk1N8UMaO9p53Lgcsi2uea6AAcYgHNcRtXbDdGchK5WkKLvXQaAowtorBztA7gFos-0IKiNt23nBByQpgJWO0UZwB3JvO9DqNTENnwBfaIsr_7_TLgbm02hdKKe9NdRI_IRJdC_LAh_SSj6mtQW8RHm8CPXLz_2gCQSCjyaRf4iRPdCxuTmx8CqJU5WQ_ckfKl8dhzQKWdJeSnQPOAMGBvuYFUkTXOzl1xB-tAvebTPM9dOU_034AmKNsRtFciIo?testcase_id=6687868400697344


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 5 by ClusterFuzz, Mar 1 2017 

ClusterFuzz has detected this issue as fixed in range 452556:452596.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6687868400697344

Fuzzer: inferno_twister
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  availableLogicalWidth >= 0 in LayoutBox.cpp
  blink::LayoutBox::fillAvailableMeasure
  blink::LayoutBox::fillAvailableMeasure
  
Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=352857:352959
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=452556:452596

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95j-dO4b7gbnZERxNOlSNuFSNRDZ_WwCEK8-MwmBl0smNbj49iL7kDvsaeBXM1CWN8OBA2WB6kAM4VlBxbg4UAYMkyATqux6YT1baxHDeHDL8o0JePYk1N8UMaO9p53Lgcsi2uea6AAcYgHNcRtXbDdGchK5WkKLvXQaAowtorBztA7gFos-0IKiNt23nBByQpgJWO0UZwB3JvO9DqNTENnwBfaIsr_7_TLgbm02hdKKe9NdRI_IRJdC_LAh_SSj6mtQW8RHm8CPXLz_2gCQSCjyaRf4iRPdCxuTmx8CqJU5WQ_ckfKl8dhzQKWdJeSnQPOAMGBvuYFUkTXOzl1xB-tAvebTPM9dOU_034AmKNsRtFciIo?testcase_id=6687868400697344


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Sign in to add a comment