Integer-overflow in content::RenderWidgetHostViewAura::ConvertRectToScreen
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5761295022030848

Fuzzer: ifratric-browserfuzzer-v3
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address:
Crash State:
  content::RenderWidgetHostViewAura::ConvertRectToScreen
  content::RenderWidgetHostViewAura::GetCaretBounds
  ui::InputMethodAuraLinux::OnCaretBoundsChanged

Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=539956:539959

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5761295022030848

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for instructions to reproduce this bug locally.
Jan 3
Predator and CL could not provide any possible suspects. Using Code Search for the file "input_method_auralinux.cc", suspecting the below CL might have caused this issue.

Suspect CL: https://chromium.googlesource.com/chromium/src/+/65eaaf4ff757a827e5477b123fd772d7da49b78a

yhanada@ -- Could you please check whether this is caused by your change? If not, please help us in assigning it to the right owner.

Thanks!
Jan 15
The CL mentioned in comment 2 just renames the methods. I don't think it causes the issue.
Comment 1 by ClusterFuzz, Dec 28
Labels: Test-Predator-Auto-Components