Issue 897388 link

Starred by 1 user

Issue metadata

Status:	WontFix
Owner:	----
Closed:	Oct 26
Cc:	ifratric@google.com kkaluri@chromium.org
Components:	Blink>Layout
EstimatedDays:	----
NextAction:	----
OS:	Linux
Pri:	2
Type:	Bug
Reproducible Clusterfuzz Stability-UndefinedBehaviorSanitizer Test-Predator-Wrong ClusterFuzz-Ignore CF-NeedsTriage M-70

Integer-overflow in blink::list_marker_text::GetText

Project Member Reported by ClusterFuzz, Oct 20

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5911422188650496

Fuzzer: ifratric-browserfuzzer-v3
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  blink::list_marker_text::GetText
  blink::LayoutListMarker::UpdateContent
  blink::LayoutListMarker::ComputePreferredLogicalWidths
  
Sanitizer: undefined (UBSAN)

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5911422188650496

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.

Comment 1 by kkaluri@chromium.org, Oct 22

Cc: kkaluri@chromium.org
Labels: M-70 CF-NeedsTriage Test-Predator-Wrong

Unable to find actual suspect through code search and also observing no CL's under regression range, hence adding appropriate label and requesting someone from dev team to look in to this issue.

Thanks!

Comment 2 by dtapu...@chromium.org, Oct 24

Components: Blink>Layout

Comment 3 by e...@chromium.org, Oct 26

Labels: ClusterFuzz-Ignore
Status: WontFix (was: Untriaged)

►

Issue 897388 link

Issue metadata

Integer-overflow in blink::list_marker_text::GetText

Issue description

Comment 1 by kkaluri@chromium.org, Oct 22

Comment 1 Deleted

Comment 2 by dtapu...@chromium.org, Oct 24

Comment 2 Deleted

Comment 3 by e...@chromium.org, Oct 26

Comment 3 Deleted

Sign in to add a comment