Float-cast-overflow in blink::BaseRenderingContext2D::drawImage

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6109113349832704

Fuzzer: inferno_twister
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Float-cast-overflow
Crash Address:
Crash State:
  blink::BaseRenderingContext2D::drawImage
  drawImage3Method
  drawImageMethod

Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=605725:605733

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6109113349832704

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Nov 14

Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/aff00809f48803f0e5ac50bfc1dee0817d1e3d70 (Add Canvas.DrawImage by size histogram).

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label.

If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Nov 28

The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/df19cc67459ae314f949ac1c83cb4cc24c0a6802

commit df19cc67459ae314f949ac1c83cb4cc24c0a6802
Author: David Quiroz Marin <davidqu@chromium.org>
Date: Wed Nov 28 22:56:18 2018

Fix float-cast-overflow in square root of pixels calculations.

Some of the canvas UMA histograms use the square root of total pixels in an image or canvas; this CL uses CheckedNumeric to avoid overflow.

Bug: 905314
Change-Id: I10a85c5c372406449a64f1e32153d58d560e901c
Reviewed-on: https://chromium-review.googlesource.com/c/1351519
Commit-Queue: David Quiroz Marin <davidqu@chromium.org>
Reviewed-by: Fernando Serboncini <fserb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#611916}

[modify] https://crrev.com/df19cc67459ae314f949ac1c83cb4cc24c0a6802/third_party/blink/renderer/core/html/canvas/canvas_async_blob_creator.cc
[modify] https://crrev.com/df19cc67459ae314f949ac1c83cb4cc24c0a6802/third_party/blink/renderer/core/html/canvas/html_canvas_element.cc
[modify] https://crrev.com/df19cc67459ae314f949ac1c83cb4cc24c0a6802/third_party/blink/renderer/modules/canvas/canvas2d/base_rendering_context_2d.cc
[modify] https://crrev.com/df19cc67459ae314f949ac1c83cb4cc24c0a6802/third_party/blink/renderer/modules/canvas/canvas2d/base_rendering_context_2d.h
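The bug class behind this report is a double-to-int conversion whose truncated value does not fit the destination type, which is undefined behaviour in C++ and is what UBSan's float-cast-overflow check flags. The following is an added illustration, not the Chromium patch and not Blink code: it shows the unchecked pattern next to a hand-written range check that plays the role base::CheckedNumeric plays in the real fix. The function names, the pixel-count arithmetic and the sample dimensions are constructed for the example.

```cpp
#include <cmath>
#include <cstdio>
#include <limits>

// Hypothetical stand-in for a "sqrt of pixels" histogram helper (not Blink's).
// Unchecked form: if sqrt(width * height) truncates to a value outside int's
// range, the static_cast is undefined behaviour; UBSan reports it as
// float-cast-overflow. Kept here only to show the pattern; never feed it
// untrusted or unbounded sizes.
int UncheckedSqrtOfPixels(double width, double height) {
  return static_cast<int>(std::sqrt(width * height));
}

// Checked form: the idea behind base::CheckedNumeric, reimplemented by hand.
// The double is validated against int's representable range before the cast,
// so the conversion itself can never be out of range. Returns false (and leaves
// *out untouched) instead of converting an unrepresentable value.
bool CheckedSqrtOfPixels(double width, double height, int* out) {
  const double pixels = width * height;  // may overflow to +inf for huge inputs
  if (!std::isfinite(pixels) || pixels < 0.0) return false;
  const double root = std::sqrt(pixels);
  // Conversion is well defined iff 0 <= root < INT_MAX + 1: the value is
  // truncated toward zero, and anything below INT_MAX + 1 truncates to <= INT_MAX.
  // INT_MAX + 1 is a power of two, so the double below is exact.
  const double limit =
      static_cast<double>(std::numeric_limits<int>::max()) + 1.0;
  if (!(root >= 0.0 && root < limit)) return false;
  *out = static_cast<int>(root);
  return true;
}

// Convenience wrapper shaped like a histogram sample: the checked value, or -1
// when the size cannot be represented, with no out-of-range cast on any path.
int SqrtOfPixelsBucketOrMinusOne(double width, double height) {
  int value = 0;
  return CheckedSqrtOfPixels(width, height, &value) ? value : -1;
}

int main() {
  // Constructed inputs: an ordinary image, and dimensions large enough that
  // the unchecked cast would be undefined behaviour.
  std::printf("300x300     -> %d\n", SqrtOfPixelsBucketOrMinusOne(300.0, 300.0));
  std::printf("4e18x4e18   -> %d\n", SqrtOfPixelsBucketOrMinusOne(4e18, 4e18));
  std::printf("1e300x1e300 -> %d\n", SqrtOfPixelsBucketOrMinusOne(1e300, 1e300));
  return 0;
}
```

The check is deliberately on the floating-point value rather than on an already-converted integer, because by the time the cast has executed the undefined behaviour has already happened; a sanitizer build catches it, a release build silently produces an arbitrary int. Compiling the unchecked helper with `-fsanitize=float-cast-overflow` and fuzzing image dimensions is the detection side of the same bug class.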
Nov 29

ClusterFuzz has detected this issue as fixed in range 611915:611916.

Detailed report: https://clusterfuzz.com/testcase?key=6109113349832704

Fuzzer: inferno_twister
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Float-cast-overflow
Crash Address:
Crash State:
  blink::BaseRenderingContext2D::drawImage
  drawImage3Method
  drawImageMethod

Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=605725:605733
Fixed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=611915:611916

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6109113349832704

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Nov 29

ClusterFuzz testcase 6109113349832704 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Nov 14
Labels: Test-Predator-Auto-Components