Integer-overflow in blink::IntRect::MaxX |
|||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=4564268139413504 Fuzzer: ifratric-browserfuzzer-v3 Job Type: linux_ubsan_chrome Platform Id: linux Crash Type: Integer-overflow Crash Address: Crash State: blink::IntRect::MaxX blink::IntRect::Intersect blink::FramePainter::Paint Sanitizer: undefined (UBSAN) Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=549059:549062 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4564268139413504 Issue filed automatically. See https://github.com/google/clusterfuzz-tools for instructions to reproduce this bug locally.
,
Dec 31
Predator and CL could not provide any possible suspects. Using the code search for the file, “int_rect.h” assigning to owner concerned from GIT blame. Suspecting Commit# https://chromium.googlesource.com/chromium/src/+/19105bf325d14227fcdf7dcaca1e9aadaceca933 @bratell -- Could you please look into this issue, kindly reassign if it has nothing to do with your changes. Thank You.
,
Dec 31
Overflow in path coordinates is not a problem. We would just draw it in the wrong place. |
|||
►
Sign in to add a comment |
|||
Comment 1 by ClusterFuzz
, Dec 29Labels: Test-Predator-Auto-Components