Integer-overflow in blink::IntRect::UniteEvenIfEmpty
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4628455522828288
Fuzzer: ifratric-browserfuzzer-v3
Job Type: linux_ubsan_chrome
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  blink::IntRect::UniteEvenIfEmpty
  blink::LayoutObject::AbsoluteBoundingBoxRect
  blink::ScrollingCoordinator::ComputeShouldHandleScrollGestureOnMainThreadRegion
Sanitizer: undefined (UBSAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=551565:563900
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4628455522828288

Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
Jul 30
As per Issue 854979, assigning this issue to @schenney. @schenney -- Could you please look into this issue? Kindly reassign if it has nothing to do with your changes. Thanks.
Jul 30
A bad bounding box is not really a problem when the content itself requests it. No, nothing to fix here. We don't want to slow things down to catch this situation.
Comment 1 by ClusterFuzz, Jul 28
Labels: Test-Predator-Auto-Components