Integer-overflow in blink::LayoutMultiColumnFlowThread::ComputePreferredLogicalWidths |
||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=5844907341381632 Fuzzer: ifratric-browserfuzzer-v3 Job Type: linux_ubsan_chrome Platform Id: linux Crash Type: Integer-overflow Crash Address: Crash State: blink::LayoutMultiColumnFlowThread::ComputePreferredLogicalWidths blink::LayoutBox::MinPreferredLogicalWidth blink::LayoutBlock::ComputeChildPreferredLogicalWidths Sanitizer: undefined (UBSAN) Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=370022:370027 Reproducer Testcase: https://clusterfuzz.com/download/AMIfv95SpUvWM6hJ-GeHuTNfHFUkKHem5tmUC-95MwYpkzrjUyDZIqcOwN3r7_rPRtcuXNhDJpoJRFWwMGJchdTGrJWUkEWJqbJnzUCpjPp2njcJmANZbc8k-B2ezNvGV_O9mjRCVN--6kzbnJQjksryP8DU0hvTIaj-qdsXJkpN5XpDWlJTy1piQd-AilAu_eZDB5vWnFRMKdudNFDhhuqCG2i_asBd6WXVW-u6-kOGlEBkTuHvFfl7nBjY3srMslY4BaoFPkx58AH-RVKg9mBxR-W7F8_n2y3QuLF4rrjsofDIp3d8Ou3rwZTCahnf476xarvsqnmBpKI5IAzsC6fi7VcpDotLhVeAq3HODHUw_uyFdWljLU0?testcase_id=5844907341381632 Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Apr 18 2017
Non-security int overflows are considered WontFix for Blink.
,
Apr 18 2017
Thanks for the update.
,
Jul 14 2017
ClusterFuzz testcase 5844907341381632 is still reproducing on tip-of-tree build (trunk). If this testcase was not reproducible locally or unworkable, ignore this notification and we will file another bug soon with hopefully a better and workable testcase. Otherwise, if this is not intended to be fixed (e.g. this is an intentional crash), please add ClusterFuzz-Ignore label to prevent future bug filing with similar crash stacktrace.
,
Jul 17 2017
|
||||
►
Sign in to add a comment |
||||
Comment 1 by mummare...@chromium.org
, Apr 11 2017Components: Blink>Layout>MultiCol
Labels: Test-Predator-Wrong M-59