Integer-overflow in blink::IntPoint::Move
Issue description
Detailed report: https://clusterfuzz.com/testcase?key=4832426879352832
Fuzzer: ifratric-browserfuzzer-v3
Job Type: linux_ubsan_chrome
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  blink::IntPoint::Move
  blink::LocalFrameView::Location
  blink::LocalFrameView::FrameRect
Sanitizer: undefined (UBSAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=549059:549062
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4832426879352832
Issue filed automatically.
See https://github.com/google/clusterfuzz-tools for more information.
May 11 2018
Predator and CL could not provide any possible suspects. Using Code Search for the file "local_frame_view.cc", suspecting the below CL might have caused this issue.
Suspect CL: https://chromium.googlesource.com/chromium/src/+/cf91f7965c29e2bc93e81f79cef5d77481b00e6e%5E%21/third_party/WebKit/Source/core/frame/LocalFrameView.cpp
szager@ -- Could you please check whether this is caused by your change? If not, please help us in assigning it to the right owner. Thanks!
May 13 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/439edd50cd57d6f82cfa799dc3609e9fb99bb760

commit 439edd50cd57d6f82cfa799dc3609e9fb99bb760
Author: Stefan Zager <szager@chromium.org>
Date: Sun May 13 18:47:01 2018

Don't overflow LocalFrameView size.

BUG= 841791
R=skobes@chromium.org

Change-Id: I41ebc90803c4398aaaab3a8713e34fd3824595c5
Reviewed-on: https://chromium-review.googlesource.com/1055675
Reviewed-by: Stefan Zager <szager@chromium.org>
Reviewed-by: Steve Kobes <skobes@chromium.org>
Commit-Queue: Stefan Zager <szager@chromium.org>
Cr-Commit-Position: refs/heads/master@{#558161}

[modify] https://crrev.com/439edd50cd57d6f82cfa799dc3609e9fb99bb760/third_party/blink/renderer/core/frame/local_frame_view.cc
May 14 2018
ClusterFuzz has detected this issue as fixed in range 558160:558161.
Detailed report: https://clusterfuzz.com/testcase?key=4832426879352832
Fuzzer: ifratric-browserfuzzer-v3
Job Type: linux_ubsan_chrome
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  blink::IntPoint::Move
  blink::LocalFrameView::Location
  blink::LocalFrameView::FrameRect
Sanitizer: undefined (UBSAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=549059:549062
Fixed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=558160:558161
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4832426879352832
See https://github.com/google/clusterfuzz-tools for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
May 14 2018
ClusterFuzz testcase 4832426879352832 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, May 10 2018
Labels: Test-Predator-Auto-Components