Float-cast-overflow in blink::AnchorElementMetrics::RecordMetrics |
|||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=5983642913079296 Fuzzer: ifratric-browserfuzzer-v3 Job Type: linux_ubsan_chrome Platform Id: linux Crash Type: Float-cast-overflow Crash Address: Crash State: blink::AnchorElementMetrics::RecordMetrics blink::HTMLAnchorElement::HandleClick blink::EventDispatcher::DispatchEventPostProcess Sanitizer: undefined (UBSAN) Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=567542:567543 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5983642913079296 Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
,
Jun 16 2018
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/50da573f8f17aa7182dc42d312ddf0d6a2710d2c (Record properties of clicked anchor elements.). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
,
Jun 21 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/68185c7d664ec847c608a13e4224e85b11c17859 commit 68185c7d664ec847c608a13e4224e85b11c17859 Author: Lu Chen <chelu@chromium.org> Date: Thu Jun 21 22:51:41 2018 Fix overflow issue in blink::AnchorElementMetrics::RecordMetrics. Detail: In order to get finer resolution when recording metrics, the program multiples the area/distance metrics by 100 before sending to UMA, which can cause overflow. Fix: For area metric, the result is limited to 1.0; for distance metric, the result is limited to the maximum expected value (10000) by UMA before sending. Bug: 853435 Change-Id: Ie8d9751c86bd64f38bd79c3e12d502f71a551522 Reviewed-on: https://chromium-review.googlesource.com/1105506 Commit-Queue: Lu Chen <chelu@chromium.org> Reviewed-by: Kouhei Ueno <kouhei@chromium.org> Reviewed-by: Ryan Sturm <ryansturm@chromium.org> Reviewed-by: Tarun Bansal <tbansal@chromium.org> Cr-Commit-Position: refs/heads/master@{#569390} [modify] https://crrev.com/68185c7d664ec847c608a13e4224e85b11c17859/third_party/blink/renderer/core/html/anchor_element_metrics.cc
,
Jun 22 2018
ClusterFuzz has detected this issue as fixed in range 569387:569395. Detailed report: https://clusterfuzz.com/testcase?key=5983642913079296 Fuzzer: ifratric-browserfuzzer-v3 Job Type: linux_ubsan_chrome Platform Id: linux Crash Type: Float-cast-overflow Crash Address: Crash State: blink::AnchorElementMetrics::RecordMetrics blink::HTMLAnchorElement::HandleClick blink::EventDispatcher::DispatchEventPostProcess Sanitizer: undefined (UBSAN) Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=567542:567543 Fixed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=569387:569395 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5983642913079296 See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Jun 22 2018
ClusterFuzz testcase 5983642913079296 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue. |
|||
►
Sign in to add a comment |
|||
Comment 1 by ClusterFuzz
, Jun 16 2018Labels: Test-Predator-Auto-Components