New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 820704 link

Starred by 1 user

Issue metadata

Status: Verified
Owner: ----
Closed: Mar 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug



Sign in to add a comment

Integer-overflow in content::RenderWidgetHostViewAura::ConvertRectToScreen

Project Member Reported by ClusterFuzz, Mar 10 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5666562502295552

Fuzzer: inferno_twister
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  content::RenderWidgetHostViewAura::ConvertRectToScreen
  content::RenderWidgetHostViewAura::GetCaretBounds
  ui::InputMethodAuraLinux::OnCaretBoundsChanged
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=539956:539959

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5666562502295552

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
 
Project Member

Comment 1 by ClusterFuzz, Mar 10 2018

Components: Internals>Core
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Cc: brajkumar@chromium.org
Labels: M-67 Test-Predator-Wrong CF-NeedsTriage
Unable to find actual suspect through code search and also from the provided CL under regression range, hence adding appropriate label and leaving it as untriaged for further updates.

Thanks!
Project Member

Comment 3 by ClusterFuzz, Mar 15 2018

ClusterFuzz has detected this issue as fixed in range 543263:543264.

Detailed report: https://clusterfuzz.com/testcase?key=5666562502295552

Fuzzer: inferno_twister
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  content::RenderWidgetHostViewAura::ConvertRectToScreen
  content::RenderWidgetHostViewAura::GetCaretBounds
  ui::InputMethodAuraLinux::OnCaretBoundsChanged
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=539956:539959
Fixed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=543263:543264

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5666562502295552

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 4 by ClusterFuzz, Mar 15 2018

Labels: ClusterFuzz-Verified
Status: Verified (was: Untriaged)
ClusterFuzz testcase 5666562502295552 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Sign in to add a comment