New issue
Advanced search Search tips

Issue 614986 link

Starred by 1 user

Issue metadata

Status: Duplicate
Owner:
Closed: May 2016
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug



Sign in to add a comment

Crash in cc::ResourceProvider::CreateBitmap

Project Member Reported by ClusterFuzz, May 26 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4584609119731712

Fuzzer: meacer_extension_apis
Job Type: linux_asan_chrome_mp
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000008
Crash State:
  cc::ResourceProvider::CreateBitmap
  cc::ResourceProvider::CreateResource
  cc::ScopedResource::Allocate
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=395936:396053

Minimized Testcase (8.81 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97i3CLE_l4i1_jF-yMMRTf_QVg8xmD61NtVEBed21W0tQQP3RbCt5twXHc-352Cxt8tfydK_289Db4yQXYaB2z12K1zk_KH180ebQ1nPvLlFQ3XiIvxtNe01tFcZUX1O967srMRWL5-lwDuq3Rj7hgRr_QTMA

Filer: nyerramilli

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Cc: nyerramilli@chromium.org
Components: Tools>Test>FindIt>WrongResult Internals>Compositing
Labels: findit-wrong Te-Logged M-53
Owner: smaier@chromium.org
Status: Assigned (was: Available)
using codesearch, seeing some recent changes to 'resource_bundle.cc'
in https://chromium.googlesource.com/chromium/src/+log/master/ui/base/resource/resource_bundle.cc

smaier@,Could you please check the above issue & help us in finding an owner it its not yours.

providing Findit results for internal purpose:
Suspected CLs	No CL in the regression range changes the crashed files. The result is the blame information.

Author: avi
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/02a4d17f5a95ceea4049ccf1036f051d6630dfb1
Time: Mon Dec 21 06:14:36 2015
The CL last changed line 29 of file shared_bitmap.h, which is stack frame 0.

Author: danakj
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/6e3bf801a1d673d73df79f64887b4429cf826887
Time: Tue Dec 16 18:27:53 2014
The CL last changed line 623 of file resource_provider.cc, which is stack frame 1.

Author: ccameron
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/5014371a5caf42235246e54622fa6dec0edd5ba1
Time: Fri Oct 09 20:28:06 2015
The CL last changed line 571 of file resource_provider.cc, which is stack frame 2.

Author: ccameron
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/5014371a5caf42235246e54622fa6dec0edd5ba1
Time: Fri Oct 09 20:28:06 2015
The CL last changed line 25 of file scoped_resource.cc, which is stack frame 3.

Author: ccameron
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/a446856b8c1d867785bc191d3d1e8fff94ea7905
Time: Thu Oct 29 22:28:23 2015
The CL last changed line 130 of file resource_pool.cc, which is stack frame 4.

Author: christiank
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/f7033f79311149ae641bcaa3986c753f60f1db7e
Time: Thu Sep 24 07:48:09 2015
The CL last changed line 889 of file tile_manager.cc, which is stack frame 5.

Author: ericrk
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/95ca56bc5de767ce231a8fe3b7fe2644942a94a4
Time: Thu Dec 03 02:54:16 2015
The CL last changed line 803 of file tile_manager.cc, which is stack frame 6.

Suspected Project: chromium
Suspected Component: Internals>Compositing

Comment 2 by smaier@chromium.org, May 26 2016

Cc: -nyerramilli@chromium.org
Owner: nyerramilli@chromium.org
My change should not be affecting images. It simply changes the signature of two of the LoadDataResourceBytes functions in the ResourceBundle - which this issue's stack trace doesn't touch.
Project Member

Comment 3 by ClusterFuzz, May 26 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5682306190934016

Fuzzer: meacer_extension_apis
Job Type: linux_asan_chrome_mp
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000008
Crash State:
  cc::ResourceProvider::CreateBitmap
  cc::ResourceProvider::CreateResource
  cc::LayerTreeHostImpl::CreateUIResource
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=395936:396053

Minimized Testcase (6.13 Kb): https://cluster-fuzz.appspot.com/download/AMIfv975elatEb301_OvnU7pSAxiN8IeTONGFSU0l99QzF-IhfXNNmukl1GzGDfMIK0MpFBC8KKy3AEoR_3vOaQDQtvKnJh52geb-OSEctDB-uk2fgCyR72jwuZRrcWk_MZUK5Aka3YsSLcz42DJMV57D9ghVrQk7g

Filer: manoranjanr

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Mergedinto: 615121
Status: Duplicate (was: Assigned)
Project Member

Comment 5 by ClusterFuzz, May 27 2016

ClusterFuzz has detected this issue as fixed in range 396110:396253.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4584609119731712

Fuzzer: meacer_extension_apis
Job Type: linux_asan_chrome_mp
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000008
Crash State:
  cc::ResourceProvider::CreateBitmap
  cc::ResourceProvider::CreateResource
  cc::ScopedResource::Allocate
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=395936:396053
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=396110:396253

Minimized Testcase (8.81 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97i3CLE_l4i1_jF-yMMRTf_QVg8xmD61NtVEBed21W0tQQP3RbCt5twXHc-352Cxt8tfydK_289Db4yQXYaB2z12K1zk_KH180ebQ1nPvLlFQ3XiIvxtNe01tFcZUX1O967srMRWL5-lwDuq3Rj7hgRr_QTMA

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 6 by ClusterFuzz, Jun 3 2016

ClusterFuzz has detected this issue as fixed in range 397495:397535.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5682306190934016

Fuzzer: meacer_extension_apis
Job Type: linux_asan_chrome_mp
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000008
Crash State:
  cc::ResourceProvider::CreateBitmap
  cc::ResourceProvider::CreateResource
  cc::LayerTreeHostImpl::CreateUIResource
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=395936:396053
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=397495:397535

Minimized Testcase (6.13 Kb): https://cluster-fuzz.appspot.com/download/AMIfv975elatEb301_OvnU7pSAxiN8IeTONGFSU0l99QzF-IhfXNNmukl1GzGDfMIK0MpFBC8KKy3AEoR_3vOaQDQtvKnJh52geb-OSEctDB-uk2fgCyR72jwuZRrcWk_MZUK5Aka3YsSLcz42DJMV57D9ghVrQk7g

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Components: -Tools>Test>FindIt>WrongResult
Labels: Test-Predator-Wrong
Project Member

Comment 8 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment