Float-cast-overflow in blink::LayoutBox::AbsoluteContentBox
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4653194324738048

Fuzzer: ifratric-browserfuzzer-v3
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Float-cast-overflow
Crash Address:
Crash State:
  blink::LayoutBox::AbsoluteContentBox
  blink::LayoutBox::ComputeResourcePriority
  blink::PriorityFromObserver

Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=569264:569265

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4653194324738048

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Aug 15
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/10ad99b832eb1f4770cb39f95557dbdcfa96fe69 (UpgradeInsecureRequest: Stop upgrading port manually.). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Aug 16
I didn't try to reproduce with/without my patch, but it looks clearly not related to my change. My patch is trivial and happens on the browser process. This crash happens in Blink. My patch should not change Chrome behavior at all.
Aug 24
ClusterFuzz testcase 4653194324738048 is still reproducing on tip-of-tree build (trunk). If this testcase was not reproducible locally or unworkable, ignore this notification and we will file another bug soon with hopefully a better and workable testcase. Otherwise, if this is not intended to be fixed (e.g. this is an intentional crash), please add ClusterFuzz-Ignore label to prevent future bug filing with similar crash stacktrace.
Comment 1 by ClusterFuzz, Aug 15
Labels: Test-Predator-Auto-Components