New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 693874 link

Starred by 2 users
Status: WontFix
Owner:
enne@chromium.org
Closed: Feb 2017
Cc:
pdr@chromium.org
ifratric@google.com
msrchandra@chromium.org
vmp...@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug



Sign in to add a comment

Integer-overflow in blink::operator+

Project Member Reported by ClusterFuzz, Feb 18 2017 
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6370276226105344

Fuzzer: ifratric-browserfuzzer-v3
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  blink::operator+
  blink::ListMarkerPainter::paint
  blink::LayoutListMarker::paint
  
Sanitizer: undefined (UBSAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=440242:440280

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv96SGUBrNsMezGyHWA-WrlY0zbHHPCJYVoqqlwwgoXyd2LxIMw04Y2_qgEv6p6gU3oJgAqj8_unw6iQmq3r3e4W-djnD-IAX_Ac9DLR6xqHUSUCjhkZtO2EZSSxJVJeoAJaepxQCJgjNRnijpHga4qUDuI1DrA?testcase_id=6370276226105344


Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by msrchandra@chromium.org, Feb 20 2017

Cc: msrchandra@chromium.org
Components: Blink>Paint
Labels: Test-Predator-Wrong
Owner: enne@chromium.org
Status: Assigned (was: Untriaged)
Predator and CL did not find any possible suspects.
Using Code Search for the file, "IntPoint.h" assigning to the concern owner.
Suspecting Commit#
https://chromium.googlesource.com/chromium/src/+/42cb2e5d1ee0e5a9e1073307b93df913d2df913f

@enne -- Could you please look into the issue, kindly re-assign if this is not related to your changes.
Thank You.

Comment 2 by enne@chromium.org, Feb 21 2017

Cc: pdr@chromium.org
Status: WontFix (was: Assigned)
I don't think integer overflows are a thing that we want to fix in Blink.  Setting this to WontFix.  (cc pdr)

Sign in to add a comment