Integer-overflow in blink::LayoutTableSection::DistributeRemainingExtraLogicalHeight |
|||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=6203330041479168 Fuzzer: ifratric-browserfuzzer-v3 Job Type: linux_ubsan_chrome Platform Id: linux Crash Type: Integer-overflow Crash Address: Crash State: blink::LayoutTableSection::DistributeRemainingExtraLogicalHeight blink::LayoutTableSection::DistributeExtraLogicalHeightToRows blink::LayoutTable::DistributeExtraLogicalHeight Sanitizer: undefined (UBSAN) Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=523880:523906 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6203330041479168 Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
,
May 3 2018
Predator and CL could not provide any possible suspects. Using the code search for the file, “layout_table_section.cc” assigning to concern owner from GIT blame. Suspecting Commit# https://chromium.googlesource.com/chromium/src/+/d22a0616e628fe5e88618b288a98844b6891671c robhogan@ -- Could you please look into this issue, kindly reassign if it has nothing to do with your changes. eae@ -- CC'd you as well as robhogan@'s last visit is >30 days. Thank You.
,
Oct 27
|
|||
►
Sign in to add a comment |
|||
Comment 1 by ClusterFuzz
, May 3 2018Labels: Test-Predator-Auto-Components