Integer-overflow in gfx::ScaleToEnclosingRect
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4810305612546048

Fuzzer: ifratric-browserfuzzer-v3
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address:
Crash State:
  gfx::ScaleToEnclosingRect
  ScaleToEnclosingRect
  cc::PictureLayerImpl::AppendQuads

Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=551565:563900

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4810305612546048

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Nov 23
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/73fe3c43758e89fe7214aac25293f7e71c4bda55 (cc: Compute |visible_rect| for tiled mask layers to limit raster). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Comment 1 by ClusterFuzz, Nov 23
Labels: Test-Predator-Auto-Components