Float-cast-overflow in blink::SVGInteger::CalculateAnimatedValue
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6523787657609216

Fuzzer: inferno_twister
Job Type: linux_ubsan_chrome
Platform Id: linux
Crash Type: Float-cast-overflow
Crash Address:
Crash State:
  blink::SVGInteger::CalculateAnimatedValue
  blink::SVGAnimateElement::CalculateAnimatedValue
  blink::SVGAnimationElement::UpdateAnimation

Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=551565:563900

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6523787657609216

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Oct 27

Automatically adding ccs based on suspected regression changelists:

Mark base::*Callback, GURL and mojo::ScopeHandleBase as noexcept movable by juri.valdmann@qt.io - https://chromium.googlesource.com/chromium/src/+/f841ac2afe7ac227b760d0300f2abfbe4c278bae

Replace kInternalAnimation with kInternalDefault by hajimehoshi@chromium.org - https://chromium.googlesource.com/chromium/src/+/f5ec9dde2be3999c4783f0ba2955abf320b0c26f

Fix documentation in callback.h by sergeyu@chromium.org - https://chromium.googlesource.com/chromium/src/+/3947bb6e0509198bd60f801e58050c654cd2ed19

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label.
Oct 29

The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/563390b263333c486e017cfedd9f206bcf12c462

commit 563390b263333c486e017cfedd9f206bcf12c462
Author: Fredrik Söderquist <fs@opera.com>
Date: Mon Oct 29 17:47:38 2018

Use clampTo<int> in SVGInteger::CalculateAnimatedValue

Matches what we do in SVGIntegerOptionalInteger::CalculateAnimatedValue, and avoids undefined overflow.

Bug: 899445
Change-Id: I1250a05482713780f707301ed29e015fd81e65f2
Reviewed-on: https://chromium-review.googlesource.com/c/1304483
Reviewed-by: Stephen Chenney <schenney@chromium.org>
Commit-Queue: Fredrik Söderquist <fs@opera.com>
Cr-Commit-Position: refs/heads/master@{#603548}

[modify] https://crrev.com/563390b263333c486e017cfedd9f206bcf12c462/third_party/blink/renderer/core/svg/svg_integer.cc
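The fix in the commit above swaps an unchecked float-to-int conversion for a saturating one. The following is an added example, not Blink's code: ClampToInt, FitsInInt and InterpolateAnimatedValue are hypothetical stand-ins for clampTo<int> and the SVG animation arithmetic, and the attribute values are constructed. It shows why the plain cast is undefined behaviour (the condition UBSan's float-cast-overflow check reports on) and how the clamped form yields a deterministic, representable result instead.

```cpp
// Added example (not Blink's code). Demonstrates the float-cast-overflow
// class of bug and a saturating conversion in the spirit of clampTo<int>.
#include <cmath>
#include <cstdio>
#include <limits>

// 2^31 is exactly representable as a float; INT_MAX itself is not, and
// converting it to float may round either way, so use the power of two.
constexpr float kTwoPow31 = 2147483648.0f;

// A float-to-int conversion is only defined when the truncated value fits
// in int, i.e. when value is in [-2^31, 2^31). NaN and infinities never fit.
// This is the predicate UBSan's -fsanitize=float-cast-overflow enforces.
bool FitsInInt(float value) {
  return !std::isnan(value) && value >= -kTwoPow31 && value < kTwoPow31;
}

// Saturating conversion (hypothetical helper, modelled on the idea behind
// Blink's clampTo<int>, not its implementation). Out-of-range inputs map
// to INT_MAX / INT_MIN and NaN to 0, so the cast below is always defined.
int ClampToInt(float value) {
  if (std::isnan(value))
    return 0;
  if (value >= kTwoPow31)
    return std::numeric_limits<int>::max();
  if (value <= -kTwoPow31)
    return std::numeric_limits<int>::min();
  return static_cast<int>(value);  // now in (-2^31, 2^31): defined
}

// Constructed stand-in for interpolating an animated integer attribute:
// from + (to - from) * percentage, plus an accumulated "to" contribution
// for each completed repeat (accumulate semantics). Done in float, so with
// extreme attribute values the result can leave int range entirely.
// The subtraction is performed in float to avoid int overflow as well.
float InterpolateAnimatedValue(float percentage, unsigned repeat_count,
                               int from, int to) {
  const float from_f = static_cast<float>(from);
  const float to_f = static_cast<float>(to);
  float animated = from_f + (to_f - from_f) * percentage;
  animated += static_cast<float>(repeat_count) * to_f;
  return animated;
}

// "After" shape of the fix: the interpolated float is clamped before being
// stored in the integer attribute, so no undefined conversion can occur.
int AnimatedValueClamped(float percentage, unsigned repeat_count,
                         int from, int to) {
  return ClampToInt(InterpolateAnimatedValue(percentage, repeat_count, from, to));
}

int main() {
  // Ordinary animation: the result fits and both forms agree.
  float ok = InterpolateAnimatedValue(0.5f, 0, 0, 100);
  std::printf("fits=%d clamped=%d\n", FitsInInt(ok), ClampToInt(ok));

  // Constructed extreme input: accumulating INT_MAX over ten repeats.
  float huge = InterpolateAnimatedValue(
      1.0f, 10, 0, std::numeric_limits<int>::max());
  // A plain static_cast<int>(huge) here would be undefined behaviour; the
  // clamped path returns INT_MAX deterministically.
  std::printf("fits=%d clamped=%d\n", FitsInInt(huge), ClampToInt(huge));
  return 0;
}
```

The check in FitsInInt is the one to keep in mind when reading UBSan's float-cast-overflow reports: the sanitizer fires on exactly the values for which ClampToInt takes one of its saturating branches.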
Oct 30

ClusterFuzz has detected this issue as fixed in range 603543:603564.

Detailed report: https://clusterfuzz.com/testcase?key=6523787657609216

Fuzzer: inferno_twister
Job Type: linux_ubsan_chrome
Platform Id: linux
Crash Type: Float-cast-overflow
Crash Address:
Crash State:
  blink::SVGInteger::CalculateAnimatedValue
  blink::SVGAnimateElement::CalculateAnimatedValue
  blink::SVGAnimationElement::UpdateAnimation

Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=551565:563900
Fixed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=603543:603564

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6523787657609216

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Oct 30

ClusterFuzz testcase 6523787657609216 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Oct 27
Labels: Test-Predator-Auto-Components