Issue 156826

Issue metadata

Status: Fixed
Owner:
Closed: Dec 2012
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 1
Type: Bug-Security



UNKNOWN in S32A_Blend_BlitRow32_SSE2

Project Member Reported by infe...@chromium.org, Oct 19 2012

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=129568174

Fuzzer: Inferno_canvas_wrecker

Crash Type: UNKNOWN
Crash Address: 0x7f3a09167fb0
Crash State:
  - crash stack -
  SkARGB32_Black_Blitter::blitAntiH
  vertish
  do_anti_hairline
  
Regressed: https://cluster-fuzz.appspot.com/revisions?range=137386:137400

Minimized Testcase (0.65 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95jmXG1AEEplMjilpagf8kNrK_TaUKxXGBczBSKmX7a_Bo85BWBHTALRQCIqChhIlM9ktasV7Npf6tJaMb6JTUlogSGsQtDziIOt2lu-U-WlPenaQkwEBfgc8zCwxw9YLHT_X4G_xVpDTHWHhNOJBcSCpoh--8DmDgxoMEQYDF91lwE5p4
 
Cc: epoger@chromium.org
Owner: reed@chromium.org
Status: Assigned

Comment 2 Deleted

Summary: UNKNOWN in Color32_SSE2
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=130385298

Fuzzer: Inferno_canvas_wrecker

Crash Type: UNKNOWN
Crash Address: 0x7f3c097e01f8
Crash State:
  - crash stack -
  Color32_SSE2
  SkARGB32_Blitter::blitAntiH
  vertish
  
Regressed: https://cluster-fuzz.appspot.com/revisions?range=137386:137400

Minimized Testcase (0.88 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96rsxFQQ3m_V0SWZj9H7KN9YbXnFljHqjz9194UPfCgMKBg6T3P84Emo35jrhFc8qXIlGEbrAYFxOSIeUeJVhZNShIcqpd84ne4NFWSNLuTjrrLNlXvX0934UiILltS0Yu4tqeJAX9GZCZvN0Vsgx847z5PTDV0mQg0XurmfOmEChG6pZc
Summary: UNKNOWN in S32A_Blend_BlitRow32_SSE2
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=129784284

Fuzzer: Inferno_canvas_wrecker

Crash Type: UNKNOWN
Crash Address: 0x7faec7694388
Crash State:
  - crash stack -
  S32A_Blend_BlitRow32_SSE2
  SkARGB32_Shader_Blitter::blitAntiH
  vertish
  
Regressed: https://cluster-fuzz.appspot.com/revisions?range=137386:137400

Minimized Testcase (1.00 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96DFFEut_1POI_VcqlVyNq51ZyrsqkTGwO0ufV23OJ-0rAVI6-p63IUCAlY9SkFbnHvlAU2MNbmeckced0_lXgU1OkSYT2nbn05z4oG5ZqoTuixpS4rtZb_2hqRKz2BP8H1RqLWviBNEi1D_KwhmxDuNYSiP60YOwNCPGNPFfTFkyqQQ0I
Labels: Internals-Skia
Cc: darin@chromium.org

Comment 7 by reed@chromium.org, Oct 25 2012

Labels: -Internals-Skia WebKit-Rendering
Project Member

Comment 8 by ClusterFuzz, Oct 25 2012

ClusterFuzz has detected this issue as fixed in range 164029:164065.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=130385298

Fuzzer: Inferno_canvas_wrecker

Crash Type: UNKNOWN
Crash Address: 0x7f3c097e01f8
Crash State:
  - crash stack -
  Color32_SSE2
  SkARGB32_Blitter::blitAntiH
  vertish
  
Regressed: https://cluster-fuzz.appspot.com/revisions?range=137386:137400
Fixed: https://cluster-fuzz.appspot.com/revisions?range=164029:164065

Minimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv96rsxFQQ3m_V0SWZj9H7KN9YbXnFljHqjz9194UPfCgMKBg6T3P84Emo35jrhFc8qXIlGEbrAYFxOSIeUeJVhZNShIcqpd84ne4NFWSNLuTjrrLNlXvX0934UiILltS0Yu4tqeJAX9GZCZvN0Vsgx847z5PTDV0mQg0XurmfOmEChG6pZc

If you suspect that the result above is incorrect, try re-doing that job on the testcase report page.
Did something in Skia r6066:r6087 fix this?
Project Member

Comment 10 by ClusterFuzz, Oct 26 2012

ClusterFuzz has detected this issue as fixed in range 164029:164065.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=129784284

Fuzzer: Inferno_canvas_wrecker

Crash Type: UNKNOWN
Crash Address: 0x7faec7694388
Crash State:
  - crash stack -
  S32A_Blend_BlitRow32_SSE2
  SkARGB32_Shader_Blitter::blitAntiH
  vertish
  
Regressed: https://cluster-fuzz.appspot.com/revisions?range=137386:137400
Fixed: https://cluster-fuzz.appspot.com/revisions?range=164029:164065

Minimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv96DFFEut_1POI_VcqlVyNq51ZyrsqkTGwO0ufV23OJ-0rAVI6-p63IUCAlY9SkFbnHvlAU2MNbmeckced0_lXgU1OkSYT2nbn05z4oG5ZqoTuixpS4rtZb_2hqRKz2BP8H1RqLWviBNEi1D_KwhmxDuNYSiP60YOwNCPGNPFfTFkyqQQ0I

If you suspect that the result above is incorrect, try re-doing that job on the testcase report page.
Project Member

Comment 11 by ClusterFuzz, Oct 26 2012

ClusterFuzz has detected this issue as fixed in range 164029:164065.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=129568174

Fuzzer: Inferno_canvas_wrecker

Crash Type: UNKNOWN
Crash Address: 0x7f3a09167fb0
Crash State:
  - crash stack -
  SkARGB32_Black_Blitter::blitAntiH
  vertish
  do_anti_hairline
  
Regressed: https://cluster-fuzz.appspot.com/revisions?range=137386:137400
Fixed: https://cluster-fuzz.appspot.com/revisions?range=164029:164065

Minimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95jmXG1AEEplMjilpagf8kNrK_TaUKxXGBczBSKmX7a_Bo85BWBHTALRQCIqChhIlM9ktasV7Npf6tJaMb6JTUlogSGsQtDziIOt2lu-U-WlPenaQkwEBfgc8zCwxw9YLHT_X4G_xVpDTHWHhNOJBcSCpoh--8DmDgxoMEQYDF91lwE5p4

If you suspect that the result above is incorrect, try re-doing that job on the testcase report page.

Comment 12 by reed@chromium.org, Oct 26 2012

Skia rev. 6087 fixed a known mishandling of non-finite numbers.
Project Member

Comment 13 by ClusterFuzz, Oct 26 2012

ClusterFuzz has detected this issue as fixed in range 164029:164065.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=129020517

Fuzzer: Inferno_canvas_wrecker

Crash Type: UNKNOWN
Crash Address: 0x7f8755374044
Crash State:
  - crash stack -
  SkARGB32_Black_Blitter::blitAntiH
  hline
  do_anti_hairline
  
Regressed: https://cluster-fuzz.appspot.com/revisions?range=132979:132999
Fixed: https://cluster-fuzz.appspot.com/revisions?range=164029:164065

Minimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94kgrgLl_IaVRj3_ObvNnWx6aDHcNcT51MWOkSs_FZa3RPrSURM_aMsKxiIApzgfCu-CGllOdcYRtseKfLp00HYre3mgkJGOQtM7hPLI605dOgIZVB2MR-7Tp58bUltuXqH_3_Cy4OVInYsLOiwbRFHFH5pIT-aQ8HpKbFr3945aHvQilE

If you suspect that the result above is incorrect, try re-doing that job on the testcase report page.
Labels: -Restrict-View-SecurityTeam -Mstone-22 Restrict-View-SecurityNotify Mstone-23 Merge-Approved
Status: FixUnreleased
Yes, all three testcases are now fixed, so Skia rev. 6087 looks to have done a good job :)
Issue 156910 has been merged into this issue.
Cc: tomhud...@chromium.org jam...@chromium.org bsalomon@chromium.org reed@chromium.org infe...@chromium.org
Issue 157157 has been merged into this issue.
Labels: -Merge-Approved Merge-Merged
M23: https://code.google.com/p/skia/source/detail?r=6179
Status: Fixed
Project Member

Comment 19 by bugdroid1@chromium.org, Mar 10 2013

Labels: -Area-Internals -Type-Security -SecSeverity-Medium -SecImpacts-Stable -Mstone-23 -SecImpacts-Beta -Stability-AddressSanitizer -WebKit-Rendering Security-Impact-Beta Security-Severity-Medium Cr-Internals M-23 Performance-Memory-AddressSanitizer Security-Impact-Stable Cr-Content-Rendering Type-Bug-Security
Labels: -Restrict-View-SecurityNotify
Project Member

Comment 21 by bugdroid1@chromium.org, Mar 21 2013

Labels: -Security-Impact-Stable Security_Impact-Stable
Project Member

Comment 22 by bugdroid1@chromium.org, Mar 21 2013

Labels: -Security-Severity-Medium Security_Severity-Medium
Project Member

Comment 23 by bugdroid1@chromium.org, Mar 21 2013

Labels: -Security-Impact-Beta Security_Impact-Beta
Project Member

Comment 24 by bugdroid1@chromium.org, Apr 1 2013

Labels: -Performance-Memory-AddressSanitizer Stability-Memory-AddressSanitizer
Project Member

Comment 25 by bugdroid1@chromium.org, Apr 5 2013

Labels: Cr-Blink
Project Member

Comment 26 by bugdroid1@chromium.org, Apr 6 2013

Labels: -Cr-Content-Rendering Cr-Blink-Rendering
Labels: -Cr-Blink-Rendering Cr-Blink-Layout
Migrate from Cr-Blink-Rendering to Cr-Blink-Layout
Project Member

Comment 28 by sheriffbot@chromium.org, Jun 14 2016

Labels: -security_impact-beta
Project Member

Comment 29 by sheriffbot@chromium.org, Oct 1 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 30 by sheriffbot@chromium.org, Oct 2 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Labels: allpublic
