
Issue 850053 link

Issue metadata

Status: WontFix
Owner: ----
Closed: Jun 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug



Float-cast-overflow in blink::LayoutFrameSet::UpdateLayout

Project Member Reported by ClusterFuzz, Jun 6 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5094586494746624

Fuzzer: ifratric-browserfuzzer-v3
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Float-cast-overflow
Crash Address: 
Crash State:
  blink::LayoutFrameSet::UpdateLayout
  LayoutIfNeeded
  blink::LayoutGrid::LayoutGridItems
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=564788:564789

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5094586494746624

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
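What UBSan's float-cast-overflow check is flagging here, as an added example that is not Chromium or Blink code and assumes nothing about what `blink::LayoutFrameSet::UpdateLayout` actually computes: converting a `double` that is NaN or outside the `int` range with `static_cast<int>` is undefined behaviour in C++, and a build with `-fsanitize=float-cast-overflow` reports it at run time. `RawToInt`, `SaturatedToInt` and `WouldOverflowIntCast` are hypothetical helpers written for this example; the saturating version is the usual fix (clamp, and map NaN to a defined value) rather than the raw cast.

```cpp
// Added example (not Chromium/Blink code): what UBSan's float-cast-overflow
// check reports, and a saturating conversion that avoids the undefined cast.
#include <cassert>
#include <climits>
#include <cmath>
#include <cstdio>
#include <limits>

// The raw conversion. For a NaN, or a value whose truncated integer part does
// not fit in int, this is undefined behaviour in C++. Built with
// clang -fsanitize=float-cast-overflow it is reported at run time with a
// message of the form
//   runtime error: 1e+300 is outside the range of representable values of type 'int'
int RawToInt(double value) {
  return static_cast<int>(value);
}

// Saturating conversion: NaN maps to 0, values beyond the int range are
// clamped to INT_MIN / INT_MAX, everything else truncates toward zero exactly
// as static_cast does. INT_MIN and INT_MAX are exactly representable as
// double, so the comparisons are exact.
int SaturatedToInt(double value) {
  if (std::isnan(value))
    return 0;
  if (value >= static_cast<double>(std::numeric_limits<int>::max()))
    return std::numeric_limits<int>::max();
  if (value <= static_cast<double>(std::numeric_limits<int>::min()))
    return std::numeric_limits<int>::min();
  return static_cast<int>(value);
}

// Returns true when static_cast<int>(value) would be undefined, i.e. exactly
// the inputs on which a sanitizer build trips the float-cast-overflow check.
// The cast is defined when the value truncated toward zero lies in
// [INT_MIN, INT_MAX]; that is the open interval (INT_MIN - 1, INT_MAX + 1),
// and both endpoints are exactly representable as double.
bool WouldOverflowIntCast(double value) {
  if (std::isnan(value))
    return true;
  const double upper = static_cast<double>(std::numeric_limits<int>::max()) + 1.0;  // 2^31
  const double lower = static_cast<double>(std::numeric_limits<int>::min()) - 1.0;  // -2^31 - 1
  return !(value > lower && value < upper);
}

int main() {
  // Constructed input standing in for a layout quantity that grew without
  // bound. volatile keeps the compiler from folding the conversion away so
  // the run-time check in a sanitizer build actually fires.
  volatile double huge = 1e300;
  std::printf("saturated: %d\n", SaturatedToInt(huge));
  std::printf("would overflow: %d\n", WouldOverflowIntCast(huge));
  // With -fsanitize=float-cast-overflow the next call prints the runtime
  // error report; without the sanitizer the result is simply unspecified.
  std::printf("raw: %d\n", RawToInt(huge));
  return 0;
}
```

Build with `clang++ -fsanitize=float-cast-overflow -fno-sanitize-recover=all` to see the report and non-zero exit on the raw cast; the same binary passes cleanly if the call site is switched to `SaturatedToInt`. Whether an out-of-range cast is a security problem depends on what the resulting integer is then used for (an index or an allocation size is worse than a clamped layout coordinate), which is the judgement a triager has to make for a report like this one.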
 

Comment 1 by ClusterFuzz (Project Member), Jun 6 2018

Components: Blink>Layout
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Comment 2 by ClusterFuzz (Project Member), Jun 6 2018

Labels: Test-Predator-Auto-Owner
Owner: nigeltao@chromium.org
Status: Assigned (was: Untriaged)
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/dd2af2ca458e410d29907189b09db0c1f79eb577 (Re-order file_manager_private.js declarations).

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.

Labels: Test-Predator-Wrong-CLs
Owner: ----
Status: Untriaged (was: Assigned)
I don't see how "Re-order file_manager_private.js declarations" could affect blink::LayoutFrameSet::UpdateLayout. The .js file is only used for linting by the closure-compiler, and as the CL description suggests, it only re-orders declarations, and neither adds nor removes them.

Cc: brajkumar@chromium.org
Labels: M-69 Test-Predator-Wrong CF-NeedsTriage
Unable to find the actual suspect through code search, and also observing no suspected CLs in the regression range, hence adding the appropriate label and requesting someone from the Blink team to look into this issue.

Thanks!

Comment 5 by e...@chromium.org, Jun 7 2018

Status: WontFix (was: Untriaged)

Comment 6 by ClusterFuzz (Project Member), Jun 14 2018

Labels: Needs-Feedback
ClusterFuzz testcase 5094586494746624 is still reproducing on tip-of-tree build (trunk).

If this testcase was not reproducible locally or unworkable, ignore this notification and we will file another bug soon with hopefully a better and workable testcase.

Otherwise, if this is not intended to be fixed (e.g. this is an intentional crash), please add ClusterFuzz-Ignore label to prevent future bug filing with similar crash stacktrace.