Issue metadata
Sign in to add a comment
|
Integer-overflow in blink::WebPluginContainerImpl::Paint |
||||||||||||||||||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=5197236158595072 Fuzzer: ifratric-browserfuzzer-v3 Job Type: linux_ubsan_chrome Platform Id: linux Crash Type: Integer-overflow Crash Address: Crash State: blink::WebPluginContainerImpl::Paint blink::EmbeddedContentPainter::PaintContents blink::LayoutEmbeddedContent::PaintContents Sanitizer: undefined (UBSAN) Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=543289:543291 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5197236158595072 Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
,
Mar 15 2018
Predator could not provide any possible suspects. From the below CL observing some changes related to 'paint' , hence suspecting the same https://chromium.googlesource.com/chromium/src/+log/ea38ede3b18e99aff19e5e17c664850b1958a09f..3a3c78a924a686ed0d3f90d765b00cdd78453e11?pretty=fuller&n=10000 Suspect CL: https://chromium.googlesource.com/chromium/src/+/3a3c78a924a686ed0d3f90d765b00cdd78453e11 wangxianzhu@ -- Could you please check whether this is caused with respect to your change, if not please help us in assigning it to the right owner.
,
Mar 19 2018
Integer overflow is not important. https://chromium-review.googlesource.com/c/chromium/src/+/964541 to fix this.
,
Mar 19 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/ed208302469fc4bcde7d45149e0ca600160b4d47 commit ed208302469fc4bcde7d45149e0ca600160b4d47 Author: Xianzhu Wang <wangxianzhu@chromium.org> Date: Mon Mar 19 22:35:05 2018 [PE] Avoid integer overflow in WebPluginContainerImpl::Paint() Bug: 822190 Change-Id: I63fd40f80f243dbf4a40baac940f2dd999d3e443 Reviewed-on: https://chromium-review.googlesource.com/964541 Reviewed-by: Philip Rogers <pdr@chromium.org> Commit-Queue: Xianzhu Wang <wangxianzhu@chromium.org> Cr-Commit-Position: refs/heads/master@{#544184} [modify] https://crrev.com/ed208302469fc4bcde7d45149e0ca600160b4d47/third_party/WebKit/Source/core/exported/WebPluginContainerImpl.cpp
,
Mar 20 2018
ClusterFuzz has detected this issue as fixed in range 544181:544185. Detailed report: https://clusterfuzz.com/testcase?key=5197236158595072 Fuzzer: ifratric-browserfuzzer-v3 Job Type: linux_ubsan_chrome Platform Id: linux Crash Type: Integer-overflow Crash Address: Crash State: blink::WebPluginContainerImpl::Paint blink::EmbeddedContentPainter::PaintContents blink::LayoutEmbeddedContent::PaintContents Sanitizer: undefined (UBSAN) Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=543289:543291 Fixed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=544181:544185 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5197236158595072 See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Mar 20 2018
ClusterFuzz testcase 5197236158595072 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue. |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by ClusterFuzz
, Mar 15 2018Labels: Test-Predator-Auto-Components