Integer-overflow in blink::LayoutFrameSet::UpdateLayout |
||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=6054130121179136 Fuzzer: ifratric-browserfuzzer-v3 Job Type: linux_ubsan_chrome Platform Id: linux Crash Type: Integer-overflow Crash Address: Crash State: blink::LayoutFrameSet::UpdateLayout blink::LayoutBlockFlow::PositionAndLayoutOnceIfNeeded blink::LayoutBlockFlow::LayoutBlockChild Sanitizer: undefined (UBSAN) Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6054130121179136 Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
,
Jul 1
,
Jul 8
ClusterFuzz testcase 6054130121179136 is still reproducing on tip-of-tree build (trunk). If this testcase was not reproducible locally or unworkable, ignore this notification and we will file another bug soon with hopefully a better and workable testcase. Otherwise, if this is not intended to be fixed (e.g. this is an intentional crash), please add ClusterFuzz-Ignore label to prevent future bug filing with similar crash stacktrace.
,
Jul 19
,
Jul 27
Issue 866238 has been merged into this issue.
,
Jul 30
,
Aug 2
Issue 869863 has been merged into this issue.
,
Aug 6
Issue 871024 has been merged into this issue.
,
Aug 7
Issue 871634 has been merged into this issue.
,
Aug 8
Issue 872216 has been merged into this issue.
,
Aug 10
Issue 872607 has been merged into this issue.
,
Aug 10
,
Aug 21
Issue 873107 has been merged into this issue.
,
Aug 27
Issue 877399 has been merged into this issue.
,
Aug 31
Issue 879370 has been merged into this issue.
,
Sep 3
Issue 879917 has been merged into this issue.
,
Sep 6
Issue 880717 has been merged into this issue. |
||||
►
Sign in to add a comment |
||||
Comment 1 by ClusterFuzz
, Jun 29 2018Labels: Test-Predator-Auto-Components