New issue
Advanced search Search tips

Issue 598666 link

Starred by 0 users

Issue metadata

Status: Fixed
Owner:
Closed: May 2016
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug



Sign in to add a comment

ASSERTION FAILED: !glyphData.offset.height()

Project Member Reported by ClusterFuzz, Mar 29 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6338454136291328

Fuzzer: mbarbella_js_mutation_layout
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: ASSERT
Crash Address: 
Crash State:
  ASSERTION FAILED: !glyphData.offset.height()
  blink::ShapeResultBuffer::fillFastHorizontalGlyphBuffer
  blink::ShapeResultBuffer::fillGlyphBuffer
  

Minimized Testcase (0.20 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97DiDW79c2ecP16Y-XdeJtSi7CwjmPwfumepKy2dzWJkWbj9itVmg_SltNGrEC9qUigs7fKBetw-BHEK9Feua8nE3qteHsuPazcrLYlVTD3ThiEUdWdKiH77zSEDPrTbBJ6DLYGa9gZILRTKYvw4NyURT3iXQ

Filer: durga.behera

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Components: Blink>Fonts>Emoji
Labels: findit-for-crash Te-Logged
Owner: fmalita@chromium.org
Status: Assigned (was: Available)
Suspected CLs: Regression information is not available. The result is the blame information.
===============================
Author: fmalita
Component: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/562fe4a4f4147fc4fe480b18a804289171fa5baf
Time: Tue Jan 05 21:59:30 2016
The CL last changed line 190 of file ShapeResultBuffer.cpp, which is stack frame 0.

Author: fmalita
Component: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/562fe4a4f4147fc4fe480b18a804289171fa5baf
Time: Tue Jan 05 21:59:30 2016
The CL last changed line 209 of file ShapeResultBuffer.cpp, which is stack frame 1.

Author: fmalita
Component: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/562fe4a4f4147fc4fe480b18a804289171fa5baf
Time: Tue Jan 05 21:59:30 2016
The CL last changed line 96 of file CachingWordShaper.cpp, which is stack frame 2.

Author: eae@chromium.org
Component: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/7b8e339fefbc70518f203cd0d59e6eaa876eae32
Time: Wed Jul 08 15:50:09 2015
The CL last changed line 120 of file Font.cpp, which is stack frame 3.

Author: fmalita@chromium.org
Component: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/79409aae23317578b4c3c75ef49f5747ec7fffb2
Time: Tue Nov 11 16:34:26 2014
The CL last changed line 155 of file Font.cpp, which is stack frame 4.

Author: ksakamoto
Component: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/dcc645d4800a86840a2a84ec1cf37019d7736d81
Time: Wed Oct 07 04:27:31 2015
The CL last changed line 755 of file GraphicsContext.cpp, which is stack frame 5.

Author: junov@chromium.org
Component: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/61423d139f514e34a716f36933277d64b0d5fcf5
Time: Fri Mar 27 21:03:19 2015
The CL last changed line 737 of file GraphicsContext.cpp, which is stack frame 6.
--------------------------------
Suspected Component: chromium
Suspected Cr- Label: Cr-Blink-Fonts-Emoji

From above blame list suspecting the below.
https://codereview.chromium.org/1561633002
fmalita@ : Could you please take a look into this if its related to your change.
Status: Fixed (was: Assigned)
Fixed in https://crrev.com/239180b1fd08ebcf0f3098c1238077f6c0998588.
Project Member

Comment 3 by ClusterFuzz, May 23 2016

ClusterFuzz has detected this issue as fixed in range 394251:394729.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6338454136291328

Fuzzer: mbarbella_js_mutation_layout
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: ASSERT
Crash Address: 
Crash State:
  ASSERTION FAILED: !glyphData.offset.height()
  blink::ShapeResultBuffer::fillFastHorizontalGlyphBuffer
  blink::ShapeResultBuffer::fillGlyphBuffer
  
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_content_shell_drt&range=394251:394729

Minimized Testcase (0.20 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97DiDW79c2ecP16Y-XdeJtSi7CwjmPwfumepKy2dzWJkWbj9itVmg_SltNGrEC9qUigs7fKBetw-BHEK9Feua8nE3qteHsuPazcrLYlVTD3ThiEUdWdKiH77zSEDPrTbBJ6DLYGa9gZILRTKYvw4NyURT3iXQ

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 4 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment