Crash in SkResizeFilter::computeFilters |
||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=6010679009476608 Fuzzer: noel-image-flip Job Type: linux_asan_chrome_mp Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x000000000000 Crash State: SkResizeFilter::computeFilters SkResizeFilter::SkResizeFilter SkBitmapScaler::Resize Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=172836:173286 Minimized Testcase (3.30 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96iKQPJC85qSAKloa7dUPx5dhzdynE7UeW6UCjp99n-kmq95tPKyjK2k9pd5qy4EJbxyG-ngPW3TKdlqOZklrFdNcGFO4ruraudJjUh4-rXIhlkdRRJRrFanpug7DXEiK5LwVu2jKo8zPH2L8X6IzfNIsTbLA Filer: manoranjanr See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Mar 21 2016
The following revision refers to this bug: https://skia.googlesource.com/skia.git/+/fa4c20e728c2b25f7b1a7d858adc8156005ec229 commit fa4c20e728c2b25f7b1a7d858adc8156005ec229 Author: caryclark <caryclark@google.com> Date: Mon Mar 21 18:25:42 2016 exit computeFilters if filter width is zero The fuzzer associated with this bug triggered an assert when building the resize filter. I can't tell if there is a more fundemental bug here or not. Checking for a zero-sized filter fixes the fuzzer. R=fmalita@chromium.org BUG= 595856 GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1810333002 Review URL: https://codereview.chromium.org/1810333002 [modify] https://crrev.com/fa4c20e728c2b25f7b1a7d858adc8156005ec229/src/core/SkBitmapScaler.cpp
,
Mar 22 2016
,
Mar 23 2016
ClusterFuzz has detected this issue as fixed in range 382185:382751. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6010679009476608 Fuzzer: noel-image-flip Job Type: linux_asan_chrome_mp Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x000000000000 Crash State: SkResizeFilter::computeFilters SkResizeFilter::SkResizeFilter SkBitmapScaler::Resize Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=172836:173286 Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=382185:382751 Minimized Testcase (3.30 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96iKQPJC85qSAKloa7dUPx5dhzdynE7UeW6UCjp99n-kmq95tPKyjK2k9pd5qy4EJbxyG-ngPW3TKdlqOZklrFdNcGFO4ruraudJjUh4-rXIhlkdRRJRrFanpug7DXEiK5LwVu2jKo8zPH2L8X6IzfNIsTbLA See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
May 11 2016
Issue 609964 has been merged into this issue.
,
May 11 2016
,
May 24 2016
Issue 588567 has been merged into this issue.
,
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
||||
►
Sign in to add a comment |
||||
Comment 1 by manoranj...@chromium.org
, Mar 17 2016Owner: caryclark@chromium.org
Status: Assigned (was: Available)