Issue metadata
Sign in to add a comment
|
Integer-overflow in blink::LayoutFrameSet::UpdateLayout |
||||||||||||||||||||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=5853853900341248 Fuzzer: ifratric-browserfuzzer-v3 Job Type: linux_ubsan_chrome Platform Id: linux Crash Type: Integer-overflow Crash Address: Crash State: blink::LayoutFrameSet::UpdateLayout LayoutIfNeeded blink::LayoutFlexibleBox::LayoutLineItems Sanitizer: undefined (UBSAN) Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5853853900341248 Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
,
Jun 12 2018
This issue looks similar to bug 836754 , hence merging in to it. Feel free to undupe if it's a different issue. Thanks!
,
Jun 14 2018
ClusterFuzz has detected this issue as fixed in range 567089:567097. Detailed report: https://clusterfuzz.com/testcase?key=5853853900341248 Fuzzer: ifratric-browserfuzzer-v3 Job Type: linux_ubsan_chrome Platform Id: linux Crash Type: Integer-overflow Crash Address: Crash State: blink::LayoutFrameSet::UpdateLayout LayoutIfNeeded blink::LayoutFlexibleBox::LayoutLineItems Sanitizer: undefined (UBSAN) Fixed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=567089:567097 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5853853900341248 See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page. |
|||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||
Comment 1 by ClusterFuzz
, Jun 11 2018Labels: Test-Predator-Auto-Components