Float-cast-overflow in blink::CSSPrimitiveValue::Create |
|||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=6061877495595008 Fuzzer: inferno_twister Job Type: linux_ubsan_chrome Platform Id: linux Crash Type: Float-cast-overflow Crash Address: Crash State: blink::CSSPrimitiveValue::Create blink::SVGLength::NewValueSpecifiedUnits blink::SVGAnimatedTextLength::baseVal Sanitizer: undefined (UBSAN) Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=551565:563900 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6061877495595008 Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
,
Aug 14
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/68b36958a5252b72df14ef11646554c5d6760cb3 (Fix Pi-related constants for Chromium C++ style.). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
,
Aug 15
My CL just renamed variables.
,
Aug 15
,
Aug 15
Given the transform, we'll likely end up producing SVGTextFragments which are (+/-)NaN wide - which would make getComputedTextLength produce NaN as well. There's really no "good" solution to that.
,
Nov 15
ClusterFuzz has detected this issue as fixed in range 607946:607947. Detailed report: https://clusterfuzz.com/testcase?key=6061877495595008 Fuzzer: inferno_twister Job Type: linux_ubsan_chrome Platform Id: linux Crash Type: Float-cast-overflow Crash Address: Crash State: blink::CSSPrimitiveValue::Create blink::SVGLength::NewValueSpecifiedUnits blink::SVGAnimatedTextLength::baseVal Sanitizer: undefined (UBSAN) Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=551565:563900 Fixed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=607946:607947 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6061877495595008 See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Nov 15
ClusterFuzz testcase 6061877495595008 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue. |
|||||
►
Sign in to add a comment |
|||||
Comment 1 by ClusterFuzz
, Aug 14Labels: Test-Predator-Auto-Components