Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5520430892056576 Fuzzer: inferno_layout_test_unmodified Job Type: linux_debug_content_shell_drt Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: ms <= kMaximumECMADateInMs in DateMath.cpp blink::DateComponents::setMillisecondsSinceEpochForDateInternal blink::DateComponents::setMillisecondsSinceEpochForDate Sanitizer: address (ASAN) Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=413409:413414 Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95wmOWdKgUUT8K6V1XRsGetnmGTpcerg09HHS2M0VKodrhQmMZPlLkk3Mlhx1eUsOVLZANq98MYFo8Ihe8IJScTRQbCSDDy_xiQ0RKEeEmd5coK1FxAT7qGnijoikC-1slPyvfrr44H4F3IaypZ-vvPqq6S1A7qqi8py80-nw8wuZRDxugDlR-tcYpstUXXQI2GKf7P7037TaVfFV80iD_70IZo5AniheW-FQQgs4TTdcTBuGZQpn_g97BKESgaH0VCSt2UrbVzKKbXcAiRFszVv6RSKO9GEBYHNGSHw2fTgKwjc1Z7jKK-71acJDRDga-Jcab8iT0mv8jigX_7ybdael6ZIkAbBHkvzpILVbhg3uwkZ7EwDOkeCq41bg8q7xyRgWP40Cir7qTs27drKsIDEVbKwA?testcase_id=5520430892056576 Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Assigning to the concern owner from CL -- https://chromium.googlesource.com/chromium/src/+log/da4bffb6ef5cb7c8894c64d4666ac6a5da4d80fb..5cbfbf15751cfaff33008bd0dd54699b7791158b?pretty=fuller Suspecting Commit# https://chromium.googlesource.com/chromium/src/+/338614224cc310e73e59496869000ef87b46e6c1 @tkent -- Could you please look into the issue, kindly re-assign if this is not related to your changes. Thank You.
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/44eec03e8559fb1c260c6ddc1cdeba73706fbd0f commit 44eec03e8559fb1c260c6ddc1cdeba73706fbd0f Author: tkent <tkent@chromium.org> Date: Wed Mar 15 03:44:31 2017 INPUT element: stepDown() should not try to set an out-of-bound value. In a case where we needed to clamp the value by the minimum value, we missed to clamp it by the maximum value. BUG= 697318 Review-Url: https://codereview.chromium.org/2747173006 Cr-Commit-Position: refs/heads/master@{#456982} [modify] https://crrev.com/44eec03e8559fb1c260c6ddc1cdeba73706fbd0f/third_party/WebKit/Source/core/html/HTMLInputElementTest.cpp [modify] https://crrev.com/44eec03e8559fb1c260c6ddc1cdeba73706fbd0f/third_party/WebKit/Source/core/html/forms/InputType.cpp
ClusterFuzz has detected this issue as fixed in range 456626:457730. Detailed report: https://clusterfuzz.com/testcase?key=5520430892056576 Fuzzer: inferno_layout_test_unmodified Job Type: linux_debug_content_shell_drt Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: ms <= kMaximumECMADateInMs in DateMath.cpp blink::DateComponents::setMillisecondsSinceEpochForDateInternal blink::DateComponents::setMillisecondsSinceEpochForDate Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=linux_debug_content_shell_drt&range=413409:413414 Fixed: https://clusterfuzz.com/revisions?job=linux_debug_content_shell_drt&range=456626:457730 Reproducer Testcase: https://clusterfuzz.com/download/AMIfv94MQ-5GMlytnPoygRF3bYRfZAzQwBMyF2vHW8F6wqkqG6uu1bFeu5HE-LxnO1kBilpQRe_kGDUQ98P6SP_aEEVJ4oBH0QlIA_NIuuoj_AX9u4SRj7zhRCRnWL4x_P9zqIW0UDk6sxO8Z5jD1jMtNP_Vzj_mnHXHWMy4CoaeVN5FG--R3uzljWYZUJ2XmFK9GXiKVcaSLDJKrckqhRleg0o1V5_m0eJMwrta1oKnGg08o6Kud8k-R2kVu-XASVTTPtvO453Y0ofjJZ6oiJrn9CYQw1iuj889At1m4AO43M0atsZ2TNEXR8e0H6A1LdzjdK3Dtye_SB8uOwU_UneKjnDSqq8a3VXZeNq7WIOWgRdtRCIVIfTaz73IxbQfX0d0fOJDuWUmhKdqG_mFZt6mfGwv4fO_1g?testcase_id=5520430892056576 See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 1 by msrchandra@chromium.org
, Mar 1 2017Labels: Test-Predator-Wrong M-58
Owner: tkent@chromium.org
Status: Assigned (was: Untriaged)