Integer-overflow in blink::LayoutTableSection::CalcRowLogicalHeight |
|||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=5852386921545728 Fuzzer: inferno_twister Job Type: linux_ubsan_chrome Platform Id: linux Crash Type: Integer-overflow Crash Address: Crash State: blink::LayoutTableSection::CalcRowLogicalHeight blink::LayoutTable::LayoutSection blink::LayoutTable::UpdateLayout Sanitizer: undefined (UBSAN) Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=523880:523906 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5852386921545728 Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
,
May 1 2018
,
May 8 2018
ClusterFuzz testcase 5852386921545728 is still reproducing on tip-of-tree build (trunk). If this testcase was not reproducible locally or unworkable, ignore this notification and we will file another bug soon with hopefully a better and workable testcase. Otherwise, if this is not intended to be fixed (e.g. this is an intentional crash), please add ClusterFuzz-Ignore label to prevent future bug filing with similar crash stacktrace.
,
Jun 12 2018
Issue 851704 has been merged into this issue.
,
Jun 22 2018
Issue 855007 has been merged into this issue. |
|||
►
Sign in to add a comment |
|||
Comment 1 by ClusterFuzz
, May 1 2018Labels: Test-Predator-Auto-Components