Float-cast-overflow in blink::FilterEffectBuilder::BuildFilterOperations
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5406108094824448
Fuzzer: inferno_twister
Job Type: linux_ubsan_chrome
Platform Id: linux
Crash Type: Float-cast-overflow
Crash Address:
Crash State:
  blink::FilterEffectBuilder::BuildFilterOperations
  blink::PaintLayer::UpdateCompositorFilterOperationsForFilter
  UpdateFilter
Sanitizer: undefined (UBSAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=551565:563900
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5406108094824448
Issue filed automatically.
See https://github.com/google/clusterfuzz-tools for more information.

Nov 21
That looks like it's been there for quite a while. pdr@ or wangxianzhu@, mind taking a look?
I always wonder what the right thing to do in these cases is. If you write a page like this, you should expect some overflowing floats.
<script src=../../resources/js-test-pre.js></script>
<div id=testDiv style="position: absolute;"><script>
evalAndLog("testDiv.style['-webkit-filter'] = 'brightness(calc(65474% * 5503374400806569534276536868872738173885066231797136524252364685595346149179813166930705605533153253289798530471903169393255601832145492350992119340834386605622747423331267978895253148541003293530945343628281078221405990207581975692299982291894874131958222548549828923135284285769621758613133397372018171241581881770730003212479392126954443656519997508171))'");
</script>
Nov 21
I always mark integer and floating overflow bugs found by clusterfuzz WontFix. For now we don't check and clamp most integer and floating-point overflows, and I don't see any plan for it.
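What UBSan's float-cast-overflow check flags is a floating-point value being converted to an integer type that cannot hold it, which is undefined behaviour in C++; the reproducer's calc() expression produces exactly such a value. The clamping that the comment above says Blink does not do looks like the following. This is an added example, not Blink's code and not what BuildFilterOperations does internally: the names SaturatedCast and FixedPointFilterAmount, the 16.16 fixed-point target representation, and the approximated reproducer magnitude are all assumptions made for illustration.

```cpp
#include <cmath>
#include <cstdint>
#include <cstdio>
#include <limits>
#include <type_traits>

// Hypothetical helper, not Blink's own: convert a floating-point value to an
// integer type without ever performing an out-of-range cast (that cast is
// undefined behaviour in C++ and is what UBSan reports as float-cast-overflow).
// Out-of-range values, including +/-infinity, saturate at the target's bounds;
// NaN maps to 0.
template <typename Int, typename Float>
Int SaturatedCast(Float value) {
  static_assert(std::is_integral<Int>::value, "target must be an integer type");
  static_assert(std::is_floating_point<Float>::value, "source must be floating-point");
  if (std::isnan(value)) return 0;
  // Bounds are compared in the floating-point domain. The max bound may round
  // up when converted (INT32_MAX becomes 2^31 as a float), so ">=" is used so
  // that the rounded-up value also saturates instead of being cast.
  const Float lo = static_cast<Float>(std::numeric_limits<Int>::min());
  const Float hi = static_cast<Float>(std::numeric_limits<Int>::max());
  if (value <= lo) return std::numeric_limits<Int>::min();
  if (value >= hi) return std::numeric_limits<Int>::max();
  return static_cast<Int>(value);  // now guaranteed to be in range
}

// Hypothetical fixed-point conversion (an assumption, not Blink's design): a
// filter amount such as brightness() is a unitless multiplier (100% == 1.0).
// Suppose a compositor wanted it as 16.16 fixed point in an int32. The scaling
// multiplication overflows to infinity for values like the reproducer's, and
// the saturating cast is what keeps that from becoming undefined behaviour.
int32_t FixedPointFilterAmount(double percent) {
  const double amount = percent / 100.0;
  return SaturatedCast<int32_t>(amount * 65536.0);
}

// Constructed approximation of the reproducer: 65474% times a number on the
// order of 5.5e300 (the page's literal has hundreds of digits). The percent
// itself is still a finite double here; it is the *65536 scaling that
// overflows to infinity.
int32_t ReproducerAmount() {
  return FixedPointFilterAmount(65474.0 * 5.5e300);
}

int main() {
  std::printf("saturated reproducer amount: %d\n", ReproducerAmount());
  std::printf("brightness(150%%) as 16.16 fixed point: %d\n",
              FixedPointFilterAmount(150.0));
  return 0;
}
```

Run under `-fsanitize=float-cast-overflow` the saturating version stays silent, whereas a plain `static_cast<int32_t>(amount * 65536.0)` on the same input is the pattern the sanitizer reports; the in-domain comparison before the cast is the entire fix.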
Nov 26
Thanks for the tip, wangxianzhu@.
Comment 1 by ClusterFuzz, Nov 21
Labels: Test-Predator-Auto-Components