Status: Fixed
Owner:
Closed: Aug 2014
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 1
Type: Bug-Security
Nag
Use-of-uninitialized-value in SkRect::setBoundsCheck
Project Member Reported by clusterf...@chromium.org, Jul 10 2014
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4940151853678592

Fuzzer: Inferno_canvas_wrecker
Job Type: Linux_msan_chrome

Crash Type: Use-of-uninitialized-value
Crash Address: 
Crash State:
  - crash stack -
  SkRect::setBoundsCheck
  SkDraw::DrawToMask
  SkMaskFilter::filterPath
  

Minimized Testcase (0.71 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95aMJVoUoxT-4H3f0rozQme1E-X9VClF_m7AhIb_9Pivuu6wRadfm7h6IDZLygZ3eexdhFHvbNr5FDTZWgjR0zoS4RglYARK6mn1dOKc9Aw1D9KcgHlzqu3yBj35QQnn60CshzA0XtwXvZbwjY8dW8rrkRcFA
Filer: inferno@chromium.org
 
Project Member Comment 1 by clusterf...@chromium.org, Jul 10 2014
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4850905084067840

Fuzzer: Inferno_canvas_wrecker
Job Type: Linux_msan_chrome

Crash Type: Use-of-uninitialized-value
Crash Address: 
Crash State:
  - crash stack -
  SkRect::setBoundsCheck
  SkScan::AntiFillPath
  SkScan::AntiFillPath
  

Minimized Testcase (0.68 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96Tzh4cakuZLxSmNhQPpWysNiqDYf3mLSqVkfeXdA7CjIjKaoYcuArB5Fz2_rXSArVb5Rr6a2uHf0NEz8YE-DFK-c4DOoVdxqP721toVJAtvR-p7Wb8F5WIna-oOXg_kuixeFqZ3SX3zLLf4RfiJMu2KMJSkQ
Filer: inferno@chromium.org
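Both MSan reports above (the SkDraw::DrawToMask and the SkScan::AntiFillPath stacks) end in SkRect::setBoundsCheck. The following is an added, self-contained example, not Skia's code and not the actual defect behind this bug: it models the contract of a setBoundsCheck-style routine (compute the bounds of a point array, report failure on a non-finite coordinate) and shows the caller pattern that MemorySanitizer, the tool behind the Linux_msan_chrome job, reports as use-of-uninitialized-value, next to a hardened caller. Point, Rect, computeBoundsNoInit, boundsUnsafe, boundsSafe and the sample point arrays are assumptions made for this example.

```cpp
// Added example, not Skia's code. Models a setBoundsCheck-style contract
// and the caller pattern MemorySanitizer flags as use-of-uninitialized-value.
#include <cmath>
#include <cstddef>
#include <cstdio>
#include <limits>

struct Point { float x, y; };

struct Rect {
    float left, top, right, bottom;
    static Rect MakeEmpty() { return Rect{0.0f, 0.0f, 0.0f, 0.0f}; }
    bool isEmpty() const { return !(left < right && top < bottom); }
};

// Bounds of a point array. Returns false if any coordinate is NaN or
// infinite. Deliberately leaves *out untouched on failure: this is the
// contract shape that turns an unchecked call into an uninitialized read.
bool computeBoundsNoInit(Rect* out, const Point pts[], size_t count) {
    if (count == 0) { *out = Rect::MakeEmpty(); return true; }
    float l = pts[0].x, t = pts[0].y, r = l, b = t;
    for (size_t i = 0; i < count; ++i) {
        if (!std::isfinite(pts[i].x) || !std::isfinite(pts[i].y)) {
            return false;                          // *out is NOT written
        }
        l = std::fmin(l, pts[i].x); r = std::fmax(r, pts[i].x);
        t = std::fmin(t, pts[i].y); b = std::fmax(b, pts[i].y);
    }
    *out = Rect{l, t, r, b};
    return true;
}

// Unsafe caller: drops the return value and reads a rect that was never
// written when the input held a non-finite point. Built with
// -fsanitize=memory and called with such input, MSan reports the read of
// the four fields inside isEmpty(). Shown for contrast; not run by main().
bool boundsUnsafe(const Point pts[], size_t count) {
    Rect bounds;                                   // uninitialized
    computeBoundsNoInit(&bounds, pts, count);      // return value ignored
    return bounds.isEmpty();                       // may read garbage
}

// Hardened caller: the rect is defined on every path and its contents are
// only trusted when the callee reports success.
bool boundsSafe(const Point pts[], size_t count, Rect* out) {
    Rect bounds = Rect::MakeEmpty();
    if (!computeBoundsNoInit(&bounds, pts, count)) {
        *out = Rect::MakeEmpty();                  // well-defined "draw nothing"
        return false;
    }
    *out = bounds;
    return true;
}

// Constructed sample inputs (assumptions for this example).
const Point kFinite[] = {{1.0f, 2.0f}, {5.0f, -3.0f}, {-2.0f, 4.0f}};
const Point kNaN[]    = {{1.0f, 2.0f}, {std::numeric_limits<float>::quiet_NaN(), 0.0f}};
const Point kInf[]    = {{0.0f, std::numeric_limits<float>::infinity()}, {1.0f, 1.0f}};

int main() {
    Rect r;
    bool ok = boundsSafe(kFinite, 3, &r);
    std::printf("finite: ok=%d bounds=(%g,%g,%g,%g)\n", ok, r.left, r.top, r.right, r.bottom);
    ok = boundsSafe(kNaN, 2, &r);
    std::printf("nan:    ok=%d empty=%d\n", ok, r.isEmpty());
    ok = boundsSafe(kInf, 2, &r);
    std::printf("inf:    ok=%d empty=%d\n", ok, r.isEmpty());
    return 0;
}
```

To reproduce the sanitizer finding, compile with clang++ -fsanitize=memory -g and call boundsUnsafe(kNaN, 2); the report names isEmpty() as the use and the declaration of bounds as the uninitialized origin (with -fsanitize-memory-track-origins). Without the sanitizer the read silently yields whatever was on the stack, which is why fuzzers such as the canvas_wrecker job above run under MSan rather than relying on crashes.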
Cc: reed@chromium.org
Owner: sugoi@chromium.org
Status: Assigned
Project Member Comment 3 by clusterf...@chromium.org, Jul 10 2014
Labels: Pri-1
Labels: M-37
Bulk edit of uninitialized value bugs without milestones to M-37.
Project Member Comment 5 by clusterf...@chromium.org, Jul 20 2014
Labels: Nag
sugoi@: Uh oh! This issue is still open and hasn't been updated in the last 7 days. Since this is a serious security vulnerability, we want to make sure progress is happening. Can you update the bug with current status, and what, if anything, is blocking?

If you are not the right Owner for this bug, please find someone else to own it as soon as possible and remove yourself as Owner.

If the issue is already fixed or you are unable to reproduce it, please close the bug. (And thanks for fixing the bug!)

These nags can be disabled by adding a 'WIP' label and an optional codereview link.

- Your friendly ClusterFuzz
Cc: bsalomon@chromium.org sugoi@chromium.org
Owner: senorblanco@chromium.org
Stephen, can you please take a look.
Cc: senorblanco@chromium.org
Project Member Comment 8 by clusterf...@chromium.org, Jul 28 2014
Labels: -Security_Impact-Beta
Project Member Comment 9 by clusterf...@chromium.org, Jul 29 2014
Labels: Security_Impact-Beta
Project Member Comment 10 by clusterf...@chromium.org, Jul 29 2014
Labels: -Security_Impact-Beta
Project Member Comment 11 by clusterf...@chromium.org, Jul 29 2014
Labels: Security_Impact-Beta
Owner: junov@chromium.org
Justin, could you take a look? This one seems to involve canvas, although it's likely collateral damage.
Project Member Comment 13 by clusterf...@chromium.org, Jul 29 2014
Labels: -Security_Impact-Beta
Project Member Comment 14 by clusterf...@chromium.org, Jul 30 2014
Labels: -Security_Impact-Stable Security_Impact-Beta
Labels: -Security_Impact-Beta Security_Impact-Stable
junov: Any updates?
Owner: piotaixr@chromium.org
Rémi, PTAL.
Project Member Comment 18 by clusterf...@chromium.org, Aug 16 2014
piotaixr@: Uh oh! This issue is still open and hasn't been updated in the last 7 days. Since this is a serious security vulnerability, we want to make sure progress is happening. Can you update the bug with current status, and what, if anything, is blocking?

If you are not the right Owner for this bug, please find someone else to own it as soon as possible and remove yourself as Owner.

If the issue is already fixed or you are unable to reproduce it, please close the bug. (And thanks for fixing the bug!)

These nags can be disabled by adding a 'WIP' label and an optional codereview link.

- Your friendly ClusterFuzz
The CL is waiting for review at https://codereview.chromium.org/460813002/
Status: Started
Looks like this is a dupe of issue 388785?
Cc: junov@chromium.org
Comment 23 by junov@chromium.org, Aug 20 2014
@earthdok: can you CC piotaixr and myself on bug 388785 so that we can view it? Thanks.
Comment 24 by kenrb@chromium.org, Aug 26 2014
Cc: noel@chromium.org
Comment 26 by junov@chromium.org, Aug 27 2014
Labels: -M-37 M-38 Merge-Requested
Status: Fixed
Project Member Comment 28 by clusterf...@chromium.org, Aug 27 2014
Labels: -Restrict-View-SecurityTeam Restrict-View-SecurityNotify
Project Member Comment 29 by clusterf...@chromium.org, Aug 28 2014
ClusterFuzz has detected this issue as fixed in range 292010:292092.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4940151853678592

Fuzzer: Inferno_canvas_wrecker
Job Type: Linux_msan_chrome

Crash Type: Use-of-uninitialized-value
Crash Address: 
Crash State:
  SkRect::setBoundsCheck
  SkDraw::DrawToMask
  SkMaskFilter::filterPath
  
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_msan_chrome&range=292010:292092

Minimized Testcase (0.71 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95aMJVoUoxT-4H3f0rozQme1E-X9VClF_m7AhIb_9Pivuu6wRadfm7h6IDZLygZ3eexdhFHvbNr5FDTZWgjR0zoS4RglYARK6mn1dOKc9Aw1D9KcgHlzqu3yBj35QQnn60CshzA0XtwXvZbwjY8dW8rrkRcFA

If you suspect that the result above is incorrect, try re-doing that job on the testcase report page.

Project Member Comment 30 by clusterf...@chromium.org, Aug 28 2014
ClusterFuzz has detected this issue as fixed in range 292010:292092.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4850905084067840

Fuzzer: Inferno_canvas_wrecker
Job Type: Linux_msan_chrome

Crash Type: Use-of-uninitialized-value
Crash Address: 
Crash State:
  SkRect::setBoundsCheck
  SkScan::AntiFillPath
  SkScan::AntiFillPath
  
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_msan_chrome&range=292010:292092

Minimized Testcase (0.68 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96Tzh4cakuZLxSmNhQPpWysNiqDYf3mLSqVkfeXdA7CjIjKaoYcuArB5Fz2_rXSArVb5Rr6a2uHf0NEz8YE-DFK-c4DOoVdxqP721toVJAtvR-p7Wb8F5WIna-oOXg_kuixeFqZ3SX3zLLf4RfiJMu2KMJSkQ

If you suspect that the result above is incorrect, try re-doing that job on the testcase report page.

Comment 31 by junov@chromium.org, Aug 29 2014
Status: Started
Booyah!  Can we haz merge approve?
Status: Fixed
Let's keep it in status=fixed, otherwise it hurts our queries. Let's do the M38 merge; the M37 merge is not needed since this is medium severity stuff.
Labels: -Merge-Requested Merge-Approved
Owner: junov@chromium.org
Labels: -Merge-Approved Merge-Merged-2125
Merged to m38 branch with:

https://skia.googlesource.com/skia/+/57fe880c56133c26a9461375111351566de432c8
Issue 388785 has been merged into this issue.
Labels: Release-0-M38
Project Member Comment 38 by clusterf...@chromium.org, Dec 6 2014
Labels: -Restrict-View-SecurityNotify
Bulk update: removing view restriction from closed bugs.
Project Member Comment 39 by sheriffbot@chromium.org, Oct 1 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member Comment 40 by sheriffbot@chromium.org, Oct 2 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Labels: allpublic