Integer-overflow in cc::KeyframeModel::CalculatePhase |
|||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=5412151086546944 Fuzzer: inferno_twister Job Type: linux_ubsan_chrome Platform Id: linux Crash Type: Integer-overflow Crash Address: Crash State: cc::KeyframeModel::CalculatePhase cc::KeyframeModel::CalculateActiveTime cc::KeyframeModel::InEffect Sanitizer: undefined (UBSAN) Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=614365:614366 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5412151086546944 Issue filed automatically. See https://github.com/google/clusterfuzz-tools for instructions to reproduce this bug locally.
,
Jan 14
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/f22e0fbd1e6b06ff4d59faf95b2338f750fc0dac ([cc] Fix incorrect KeyframeModel::InEffect() calculation on the cc side). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
,
Jan 16
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/498d5722a1cf41de06afab2816cbba2c7c1bb30a commit 498d5722a1cf41de06afab2816cbba2c7c1bb30a Author: Yi Gu <yigu@chromium.org> Date: Wed Jan 16 05:38:25 2019 [Clusterfuzz] Fix Integer-overflow in cc::KeyframeModel::CalculatePhase Currently CalculatePhase has "-time_offset_" where "time_offset_" can be std::numeric_limits<int64_t>::min(). Bug: 921454 Change-Id: I2b2906bea9c46693851be4161253bbeb3b48ff27 Reviewed-on: https://chromium-review.googlesource.com/c/1411032 Commit-Queue: Yi Gu <yigu@chromium.org> Reviewed-by: Stephen McGruer <smcgruer@chromium.org> Cr-Commit-Position: refs/heads/master@{#623122} [modify] https://crrev.com/498d5722a1cf41de06afab2816cbba2c7c1bb30a/cc/animation/keyframe_model.cc [modify] https://crrev.com/498d5722a1cf41de06afab2816cbba2c7c1bb30a/cc/animation/keyframe_model.h [modify] https://crrev.com/498d5722a1cf41de06afab2816cbba2c7c1bb30a/cc/animation/keyframe_model_unittest.cc
,
Jan 16
(6 days ago)
ClusterFuzz has detected this issue as fixed in range 623120:623122. Detailed report: https://clusterfuzz.com/testcase?key=5412151086546944 Fuzzer: inferno_twister Job Type: linux_ubsan_chrome Platform Id: linux Crash Type: Integer-overflow Crash Address: Crash State: cc::KeyframeModel::CalculatePhase cc::KeyframeModel::CalculateActiveTime cc::KeyframeModel::InEffect Sanitizer: undefined (UBSAN) Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=614365:614366 Fixed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=623120:623122 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5412151086546944 See https://github.com/google/clusterfuzz-tools for instructions to reproduce this bug locally. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Jan 16
(6 days ago)
ClusterFuzz testcase 5412151086546944 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue. |
|||
►
Sign in to add a comment |
|||
Comment 1 by ClusterFuzz
, Jan 14Labels: Test-Predator-Auto-Components