Float-cast-overflow in blink::LayoutFrameSet::UpdateLayout
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5111094084108288
Fuzzer: ifratric-browserfuzzer-v3
Job Type: linux_ubsan_chrome
Platform Id: linux
Crash Type: Float-cast-overflow
Crash Address:
Crash State:
  blink::LayoutFrameSet::UpdateLayout
  LayoutIfNeeded
  blink::LayoutFlexibleBox::LayoutLineItems
Sanitizer: undefined (UBSAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=551565:563900
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5111094084108288

Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
Jul 10
Predator has provided 6 possible suspects.

1. [LayoutNG] Make LayoutNGFlexibleBox inherit from LayoutBlock by dgrogan@chromium.org
2. Replace uses of WTF::AutoReset with base::AutoReset. by jbroman@chromium.org
3. [layoutng] Skip a flexbox optimization in LayoutNG by cbiesinger@chromium.org
4. [layoutng] Re-introduce optimization by cbiesinger@chromium.org
5. [css-contain] Disable size containment for certain elements by rego@igalia.com
6. Restrict implicit root scroller promotion by bokan@chromium.org

Suspecting CL: https://chromium.googlesource.com/chromium/src/+/3d8da92027fb6e434d47975194d69004122ce5b7

dgrogan@ Could you please look into this issue.
Jul 10
kkaluri, before I spend time on this, what makes you suspect https://chromium.googlesource.com/chromium/src/+/3d8da92027fb6e434d47975194d69004122ce5b7? Please describe the criteria used and why it applies more strongly to that CL as opposed to the other 5 suspects.
Comment 1 by ClusterFuzz, Jul 9
Labels: Test-Predator-Auto-Components