Integer-overflow in blink::IntPoint::Move |
||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=6516634249068544 Fuzzer: ifratric-browserfuzzer-v3 Job Type: linux_ubsan_chrome Platform Id: linux Crash Type: Integer-overflow Crash Address: Crash State: blink::IntPoint::Move Move blink::PaintLayerScrollableArea::ResizerCornerRect Sanitizer: undefined (UBSAN) Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=549059:549062 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6516634249068544 Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
,
Apr 25 2018
Overflow in setting up painting operations with very large inputs is generally not a problem.
,
May 2 2018
ClusterFuzz testcase 6516634249068544 is still reproducing on tip-of-tree build (trunk). If this testcase was not reproducible locally or unworkable, ignore this notification and we will file another bug soon with hopefully a better and workable testcase. Otherwise, if this is not intended to be fixed (e.g. this is an intentional crash), please add ClusterFuzz-Ignore label to prevent future bug filing with similar crash stacktrace.
,
May 2 2018
|
||||
►
Sign in to add a comment |
||||
Comment 1 by ClusterFuzz
, Apr 25 2018Labels: Test-Predator-Auto-Components