Issue 851791 link

Starred by 1 user

Issue metadata

Status:	Duplicate
Merged:	issue 837300
Owner:	schenney@chromium.org
Closed:	Jun 2018
Cc:	█ brajkumar@chromium.org
Components:	Internals>Compositing>Scroll Platform
EstimatedDays:	----
NextAction:	----
OS:	Linux
Pri:	2
Type:	Bug
Clusterfuzz Unreproducible Stability-UndefinedBehaviorSanitizer Test-Predator-Wrong M-68 Test-Predator-Auto-Components

Integer-overflow in blink::IntRect::UniteEvenIfEmpty

Project Member Reported by ClusterFuzz, Jun 12 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5614016886734848

Fuzzer: inferno_twister
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  blink::IntRect::UniteEvenIfEmpty
  blink::Region::Unite
  blink::ScrollingCoordinator::ComputeShouldHandleScrollGestureOnMainThreadRegion
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=549059:549062

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5614016886734848

Additional requirements: Requires HTTP

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.

Project Member

Comment 1 by ClusterFuzz, Jun 12 2018

Components: Blink Platform
Labels: Test-Predator-Auto-Components

Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Comment 2 by brajkumar@chromium.org, Jun 12 2018

Cc: brajkumar@chromium.org
Labels: M-68 Test-Predator-Wrong
Owner: schenney@chromium.org
Status: Assigned (was: Untriaged)

This issue looks similar to  bug 837300 , hence assigning to the same owner for more updates.

schenney@ Could you please take a look in to this issue?

Thanks!

Comment 3 by junov@chromium.org, Jun 12 2018

Components: -Blink Internals>Compositing>Scroll

Comment 4 by schenney@chromium.org, Jun 12 2018

Mergedinto: 837300
Status: Duplicate (was: Assigned)

Project Member

Comment 5 by ClusterFuzz, Jul 12

Labels: -Reproducible Unreproducible

ClusterFuzz testcase 5614016886734848 appears to be flaky, updating reproducibility label.

►

Issue 851791 link

Issue metadata

Integer-overflow in blink::IntRect::UniteEvenIfEmpty

Issue description

Comment 1 by ClusterFuzz, Jun 12 2018

Comment 1 Deleted

Comment 2 by brajkumar@chromium.org, Jun 12 2018

Comment 2 Deleted

Comment 3 by junov@chromium.org, Jun 12 2018

Comment 3 Deleted

Comment 4 by schenney@chromium.org, Jun 12 2018

Comment 4 Deleted

Comment 5 by ClusterFuzz, Jul 12

Comment 5 Deleted

Sign in to add a comment