Issue metadata
Sign in to add a comment
|
Integer-overflow in blink::IntPoint::Move |
||||||||||||||||||||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=5538385251532800 Fuzzer: ifratric-browserfuzzer-v3 Job Type: linux_ubsan_chrome Platform Id: linux Crash Type: Integer-overflow Crash Address: Crash State: blink::IntPoint::Move blink::operator+= blink::EmbeddedContentPainter::PaintContents Sanitizer: undefined (UBSAN) Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=549059:549062 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5538385251532800 Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
,
Apr 30 2018
This looks similar to Issue 837471 , hence merging into it Please undo it, if it not the case
,
Nov 13
ClusterFuzz has detected this issue as fixed in range 607493:607495. Detailed report: https://clusterfuzz.com/testcase?key=5538385251532800 Fuzzer: ifratric-browserfuzzer-v3 Job Type: linux_ubsan_chrome Platform Id: linux Crash Type: Integer-overflow Crash Address: Crash State: blink::IntPoint::Move blink::operator+= blink::EmbeddedContentPainter::PaintContents Sanitizer: undefined (UBSAN) Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=549059:549062 Fixed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=607493:607495 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5538385251532800 See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page. |
|||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||
Comment 1 by ClusterFuzz
, Apr 27 2018Labels: Test-Predator-Auto-Components