Integer-overflow in blink::operator-
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4762233839288320
Fuzzer: inferno_webbot
Job Type: linux_ubsan_chrome
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  blink::operator-
  enclosingIntRect
  enclosingBoundingBox
Sanitizer: undefined (UBSAN)
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=370022:370027
Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94Jxpmva7fIMS4rnRiHfSFF9BzS-ja0WethV900pJTI3Zbyz9dg-QRMKURqKahvOZyoFDBXLOCjbz4aMlsHuTiZ9_9Tud2CASSBwv_NkmSR-NcCsWZvI5snqeKEiNcEGOZ8KOQ4GK1m21MjG4CRl01UxxZV91Htdii96DzlsbQQdwsuXrkBjnSSRo8jHjJLF8JwgXADeft4s_PZxf-Hpt2rIkT4HStX3kb8pUWCNVJxqRRF92KFJKwwfcxltPW0tnIMF2udxSON0XUQccxyjdl0bXiChUcbaoMdhtShOwl0z250QCMY3hzklOxhFAT016aZ6SditpnhEL4c7oUoJ-CsafDbds3TQOShwLpjvJILwqa7qKyaBDH_AcWPwRPRU9c8YV752mBjfRFeCDe8U5ZX5kMNQg?testcase_id=4762233839288320

Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Feb 22 2017
@Abhishek, should this have been covered by https://chrome-internal-review.googlesource.com/c/329162?

Feb 22 2017
Should be covered. We stopped seeing these on the 17th when that CL landed. The report here is from the 12th.

Feb 22 2017
Ah, thank you. I saw it was filed on the 18th but didn't notice it was created on the 12th. Thanks!
Comment 1 by msrchandra@chromium.org, Feb 20 2017
Labels: Test-Predator-Wrong
Owner: thakis@chromium.org
Status: Assigned (was: Untriaged)