Float-cast-overflow in blink::LayoutFrameSet::UpdateLayout

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5723891584204800

Fuzzer: ifratric-browserfuzzer-v3
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Float-cast-overflow
Crash Address:
Crash State:
  blink::LayoutFrameSet::UpdateLayout
  blink::LayoutFlexibleBox::ConstructAndAppendFlexItem
  blink::LayoutFlexibleBox::LayoutFlexItems

Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=551565:563900

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5723891584204800

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Nov 26
Redoing the task to hopefully get a narrower range.
Nov 26
Automatically adding ccs based on suspected regression changelists:

Fixing LayoutBox overrides so they store what they say by rego@igalia.com - https://chromium.googlesource.com/chromium/src/+/3594da711b52b5eac14253f3e2a78f55a9fcb608

Restrict implicit root scroller promotion by bokan@chromium.org - https://chromium.googlesource.com/chromium/src/+/01b4a52669053503d6914eac6b93891b16cf47a6

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label.
Dec 1
Value in the repro html is out-of-bounds. Our policy has been to WontFix these issues.
Dec 8
ClusterFuzz testcase 5723891584204800 is still reproducing on tip-of-tree build (trunk). If this testcase was not reproducible locally or unworkable, ignore this notification and we will file another bug soon with hopefully a better and workable testcase. Otherwise, if this is not intended to be fixed (e.g. this is an intentional crash), please add ClusterFuzz-Ignore label to prevent future bug filing with similar crash stacktrace.
Dec 9
Comment 1 by ClusterFuzz, Nov 23
Labels: Test-Predator-Auto-Components