Issue 836991 link

Starred by 1 user

Issue metadata

Status:	WontFix
Owner:	wangxianzhu@chromium.org
Closed:	May 2018
Cc:	pnangunoori@chromium.org ifratric@google.com jbroman@chromium.org
Components:	Platform
EstimatedDays:	----
NextAction:	----
OS:	Linux
Pri:	2
Type:	Bug
Reproducible Clusterfuzz Stability-UndefinedBehaviorSanitizer Test-Predator-Wrong Test-Predator-Wrong-CLs M-68 ClusterFuzz-Ignore Test-Predator-Auto-Components Test-Predator-Auto-Owner

Float-cast-overflow in blink::ScrollbarTheme::ThumbPosition

Project Member Reported by ClusterFuzz, Apr 25 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5866967026892800

Fuzzer: ifratric-browserfuzzer-v3
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Float-cast-overflow
Crash Address: 
Crash State:
  blink::ScrollbarTheme::ThumbPosition
  ThumbPosition
  blink::Scrollbar::OffsetDidChange
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=552707:552711

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5866967026892800

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.

Project Member

Comment 1 by ClusterFuzz, Apr 25 2018

Components: Platform
Labels: Test-Predator-Auto-Components

Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Project Member

Comment 2 by ClusterFuzz, Apr 25 2018

Labels: Test-Predator-Auto-Owner
Owner: orphis@chromium.org
Status: Assigned (was: Untriaged)

Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/254b97d5a6edc67def94977f747c4472182a867b (Introduce a direct dependency Blink -> WebRTC).

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.

Comment 3 by orphis@chromium.org, Apr 27 2018

Labels: Test-Predator-Wrong-CLs
Owner: ----
Status: Untriaged (was: Assigned)

My CL never touched any of the code in the component that is affected.

Comment 4 by pnangunoori@chromium.org, May 3 2018

Cc: pnangunoori@chromium.org
Labels: M-68 Test-Predator-Wrong
Owner: wangxianzhu@chromium.org
Status: Assigned (was: Untriaged)

This issue seems to be similar to the  Issue 675360 . 
wangxianzhu@ -- Could you please take a look into this issue.

As we are unable to provide possible suspect using Predator, CL and Code Search.

Thanks!

Comment 5 by wangxianzhu@chromium.org, May 3 2018

Status: WontFix (was: Assigned)

We don't check overflow on float/int arithmetic, and there seems no plan for it.

Project Member

Comment 6 by ClusterFuzz, May 10 2018

Labels: Needs-Feedback

ClusterFuzz testcase 5866967026892800 is still reproducing on tip-of-tree build (trunk).

If this testcase was not reproducible locally or unworkable, ignore this notification and we will file another bug soon with hopefully a better and workable testcase.

Otherwise, if this is not intended to be fixed (e.g. this is an intentional crash), please add ClusterFuzz-Ignore label to prevent future bug filing with similar crash stacktrace.

Comment 7 by wangxianzhu@chromium.org, May 10 2018

Labels: -Needs-Feedback ClusterFuzz-Ignore

Project Member

Comment 8 by ClusterFuzz, May 17 2018

ClusterFuzz has detected this issue as fixed in range 559316:559318.

Detailed report: https://clusterfuzz.com/testcase?key=5866967026892800

Fuzzer: ifratric-browserfuzzer-v3
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Float-cast-overflow
Crash Address: 
Crash State:
  blink::ScrollbarTheme::ThumbPosition
  ThumbPosition
  blink::Scrollbar::OffsetDidChange
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=552707:552711
Fixed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=559316:559318

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5866967026892800

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 9 by jbroman@chromium.org, May 18 2018

Cc: jbroman@chromium.org

 Issue 844414  has been merged into this issue.

►

Issue 836991 link

Issue metadata

Float-cast-overflow in blink::ScrollbarTheme::ThumbPosition

Issue description

Comment 1 by ClusterFuzz, Apr 25 2018

Comment 1 Deleted

Comment 2 by ClusterFuzz, Apr 25 2018

Comment 2 Deleted

Comment 3 by orphis@chromium.org, Apr 27 2018

Comment 3 Deleted

Comment 4 by pnangunoori@chromium.org, May 3 2018

Comment 4 Deleted

Comment 5 by wangxianzhu@chromium.org, May 3 2018

Comment 5 Deleted

Comment 6 by ClusterFuzz, May 10 2018

Comment 6 Deleted

Comment 7 by wangxianzhu@chromium.org, May 10 2018

Comment 7 Deleted

Comment 8 by ClusterFuzz, May 17 2018

Comment 8 Deleted

Comment 9 by jbroman@chromium.org, May 18 2018

Comment 9 Deleted

Sign in to add a comment