
Issue 617586 link


Issue metadata

Status: Fixed
Owner: caryclark@chromium.org
Closed: Jun 2016
Cc:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug




Crash in SkOpCoincidence::addExpanded

Project Member Reported by ClusterFuzz, Jun 6 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5094219891081216

Fuzzer: attekett_dom_fuzzer
Job Type: linux_asan_chrome_media
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  SkOpCoincidence::addExpanded
  HandleCoincidence
  OpDebug
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_media&range=339260:339503

Minimized Testcase (0.69 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94coxSzyrTMt7AjCC2SpcFmzgvCgYrFZs71EUbkxxLOW74rYt5GAR5wmf7q69WHNyx4_mfbxDoH1zx5h6qR5i8So-v1b0E-yZHxmE_oP6p7R_mJfECaO9x9lVdVncjilrbtDhRRbkeEkLva7Qun86kJoqbVgw

Filer: ashejole

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Cc: ashej...@chromium.org
Components: Tools>Test>FindIt>CorrectResult
Labels: findit-for-crash Te-Logged
Owner: caryclark@chromium.org
Status: Assigned (was: Available)
Suspected CLs: No CL in the regression range changes the crashed files. The result is the blame information.

Author: caryclark
Project: chromium-skia
Changelist: https://chromium.googlesource.com/skia.git/+/27c8eb8ffd7e221693d840c2b9279d53fe6f03d4
Time: Mon Jul 06 18:38:33 2015
The CL last changed line 100 of file SkOpCoincidence.cpp, which is stack frame 0.

Author: caryclark
Project: chromium-skia
Changelist: https://chromium.googlesource.com/skia.git/+/26ad22ab61539e3d3b6bc5e0da8dcebbd52a53de
Time: Fri Oct 16 16:03:38 2015
The CL last changed line 506 of file SkPathOpsCommon.cpp, which is stack frame 1.

Author: caryclark
Project: chromium-skia
Changelist: https://chromium.googlesource.com/skia.git/+/624637cc8ec22c000409704d0b403ac1b81ad4b0
Time: Mon May 11 14:21:27 2015
The CL last changed line 310 of file SkPathOpsOp.cpp, which is stack frame 2.

Author: caryclark
Project: chromium-skia
Changelist: https://chromium.googlesource.com/skia.git/+/45fa447460f70ec21d22cf4e1531490acfd3c578
Time: Fri Jan 16 15:04:10 2015
The CL last changed line 145 of file SkOpBuilder.cpp, which is stack frame 3.

Author: fmalita@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/c82dacd7af17c33b7f863ed9894f09fef5fbf59e
Time: Tue Jun 16 21:45:57 2015
The CL last changed line 133 of file LayoutSVGResourceClipper.cpp, which is stack frame 4.

Author: pdr
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/adade70750e7aa545e66de4e4c38827cebdb8fad
Time: Thu Oct 22 10:25:37 2015
The CL last changed line 142 of file LayoutSVGResourceClipper.cpp, which is stack frame 5.

Author: fs@opera.com
Project: chromium


Assigning it to caryclark@ as he has worked on similar issues 558281 & 561121.

Feel free to re-assign to the concerned dev if you are not the rightful owner.

Thank you!
Status: Started (was: Assigned)
Comment 3 by ClusterFuzz (Project Member), Jun 6 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5478104697143296

Fuzzer: attekett_dom_fuzzer
Job Type: linux_asan_chrome_mp
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  SkOpCoincidence::addExpanded
  HandleCoincidence
  Simplify
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=172836:173286

Minimized Testcase (0.40 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv956H94Rbu3Nqu7yy-EI2Bv9ATPlti8QSXebe3vSg-DSTtDqVecN6lCuRYJ_zS76ohQrb_amjF_vzlJfpYL0wDt0fUAXDFDEzU50aw408wQLERw3NWL_L26Axkn6489Mk0Yos5QfdhmE8K3lOc_dvIRhb_uQtg
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
<defs>
    <path id="star" d="m 100,0 60,10 -160,-110 200,0 -170,110 z" transform="translate(40,40)"/>
    <clipPath id="clip">
        <use xlink:href="#star"/>
        <use xlink:href="#star" transform="translate(444444440,40)"/>
    </clipPath>
</defs>
<rect height="300" width="300" style="fill:green;clip-path:url(#clip);"/>
</svg>


Filer: mummareddy

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Comment 4 by bugdroid1@chromium.org (Project Member), Jun 8 2016

The following revision refers to this bug:
  https://skia.googlesource.com/skia.git/+/dae6b97705fde08958b1a36fa6ce685d28fc692c

commit dae6b97705fde08958b1a36fa6ce685d28fc692c
Author: caryclark <caryclark@google.com>
Date: Wed Jun 08 11:28:19 2016

fix pathops fuzz bugs

Fail out in a couple of new places when the input data is very
large and exceeds the limits of the pathops machinery.

Most of the change here plumbs in a way to exclude an assert in
one of these exceptional cases. The current SkAddIntersection
implementation and the inner functions it calls has no way to
report an error to the root caller for an early exit, so rather
than add that in, exclude the assert when the test that would
trigger it runs (allowing the test to otherwise ensure that it
properly fails).

TBR=reed@google.com
BUG=617586,617635
GOLD_TRYBOT_URL=https://gold.skia.org/search?issue=2046713003

Review-Url: https://codereview.chromium.org/2046713003

[modify] https://crrev.com/dae6b97705fde08958b1a36fa6ce685d28fc692c/src/pathops/SkAddIntersections.cpp
[modify] https://crrev.com/dae6b97705fde08958b1a36fa6ce685d28fc692c/src/pathops/SkDConicLineIntersection.cpp
[modify] https://crrev.com/dae6b97705fde08958b1a36fa6ce685d28fc692c/src/pathops/SkIntersections.h
[modify] https://crrev.com/dae6b97705fde08958b1a36fa6ce685d28fc692c/src/pathops/SkOpBuilder.cpp
[modify] https://crrev.com/dae6b97705fde08958b1a36fa6ce685d28fc692c/src/pathops/SkOpCoincidence.cpp
[modify] https://crrev.com/dae6b97705fde08958b1a36fa6ce685d28fc692c/src/pathops/SkPathOpsCommon.cpp
[modify] https://crrev.com/dae6b97705fde08958b1a36fa6ce685d28fc692c/src/pathops/SkPathOpsCommon.h
[modify] https://crrev.com/dae6b97705fde08958b1a36fa6ce685d28fc692c/src/pathops/SkPathOpsOp.cpp
[modify] https://crrev.com/dae6b97705fde08958b1a36fa6ce685d28fc692c/src/pathops/SkPathOpsSimplify.cpp
[modify] https://crrev.com/dae6b97705fde08958b1a36fa6ce685d28fc692c/src/pathops/SkPathOpsTightBounds.cpp
[modify] https://crrev.com/dae6b97705fde08958b1a36fa6ce685d28fc692c/src/pathops/SkPathOpsTypes.cpp
[modify] https://crrev.com/dae6b97705fde08958b1a36fa6ce685d28fc692c/src/pathops/SkPathOpsTypes.h
[modify] https://crrev.com/dae6b97705fde08958b1a36fa6ce685d28fc692c/tests/PathOpsAngleIdeas.cpp
[modify] https://crrev.com/dae6b97705fde08958b1a36fa6ce685d28fc692c/tests/PathOpsAngleTest.cpp
[modify] https://crrev.com/dae6b97705fde08958b1a36fa6ce685d28fc692c/tests/PathOpsBuilderTest.cpp
[modify] https://crrev.com/dae6b97705fde08958b1a36fa6ce685d28fc692c/tests/PathOpsExtendedTest.cpp
[modify] https://crrev.com/dae6b97705fde08958b1a36fa6ce685d28fc692c/tests/PathOpsExtendedTest.h
[modify] https://crrev.com/dae6b97705fde08958b1a36fa6ce685d28fc692c/tests/PathOpsOpTest.cpp
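The numbers in the minimized testcase (comment 3) and the reasoning in the fix commit above can be made concrete with a small C++ model. This is an added example, not Skia or Chromium code: it rebuilds the star's vertices from the path data, applies the outer translate(444444440,40) in 32-bit float the way a float-based renderer does, and measures how far each vertex lands from its exact position. The precision-budget guard (withinPrecisionBudget, kMaxUlp) is a hypothetical "fail out early" check in the spirit of the commit's description; it is not the check Skia added, and the struct and function names are assumptions of this example.

```cpp
// Added example, not Skia or Chromium code. It models the minimized
// testcase from this bug: the star path is translated by 444444440 in x,
// which pushes every coordinate into a range where 32-bit float has a
// spacing (ulp) of 32 units, coarser than the star's own 10-unit features.
// The guard at the end is a hypothetical "fail out early" check in the
// spirit of the fix, not Skia's actual check.
#include <cmath>
#include <cstdio>
#include <limits>
#include <vector>

struct Pt { float x, y; };

// Spacing between |v| and the next representable float above it.
float ulpAt(float v) {
    float a = std::fabs(v);
    return std::nextafter(a, std::numeric_limits<float>::infinity()) - a;
}

// Absolute vertices of the testcase's star after its own translate(40,40):
// the path data "m 100,0 60,10 -160,-110 200,0 -170,110 z" is relative.
std::vector<Pt> starPoints() {
    const float rel[5][2] = {{100, 0}, {60, 10}, {-160, -110}, {200, 0}, {-170, 110}};
    std::vector<Pt> pts;
    float x = 0, y = 0;
    for (const auto& d : rel) {
        x += d[0];
        y += d[1];
        pts.push_back({x + 40, y + 40});
    }
    return pts;
}

// The outer <use transform="translate(444444440,40)">, applied in float
// exactly as a float-based renderer would apply it.
std::vector<Pt> translateF(const std::vector<Pt>& in, float tx, float ty) {
    std::vector<Pt> out;
    for (const Pt& p : in) out.push_back({p.x + tx, p.y + ty});
    return out;
}

// Largest distance between a float-translated vertex and where the exact
// translation (computed in double) would have put it.
double maxTranslationError(double tx, double ty) {
    std::vector<Pt> src = starPoints();
    std::vector<Pt> dst = translateF(src, (float)tx, (float)ty);
    double worst = 0;
    for (size_t i = 0; i < src.size(); ++i) {
        double ex = src[i].x + tx, ey = src[i].y + ty;
        worst = std::fmax(worst, std::fabs(dst[i].x - ex));
        worst = std::fmax(worst, std::fabs(dst[i].y - ey));
    }
    return worst;
}

// Hypothetical precision budget (assumption of this example): refuse to run
// intersection code on a path whose largest coordinate has a float spacing
// coarser than kMaxUlp, instead of letting it reach the geometry code.
const float kMaxUlp = 1.0f / 4096;

bool withinPrecisionBudget(const std::vector<Pt>& pts) {
    float maxAbs = 0;
    for (const Pt& p : pts) {
        maxAbs = std::fmax(maxAbs, std::fmax(std::fabs(p.x), std::fabs(p.y)));
    }
    return std::isfinite(maxAbs) && ulpAt(maxAbs) <= kMaxUlp;
}

int main() {
    std::vector<Pt> star = starPoints();
    std::vector<Pt> far = translateF(star, 444444440.0f, 40.0f);
    std::printf("ulp at 444444440: %g\n", ulpAt(444444440.0f));                 // 32
    std::printf("max vertex error after translate: %g\n",
                maxTranslationError(444444440, 40));                             // 8
    std::printf("original star accepted: %d, translated star accepted: %d\n",
                withinPrecisionBudget(star), withinPrecisionBudget(far));        // 1, 0
    return 0;
}
```

At magnitude 4.4e8 the float spacing is 32 units, so every translated vertex moves by a different amount (up to 8 units here) against a shape whose smallest feature is 10 units. The geometry the intersection code sees is therefore not the geometry in the document, and intersection points computed from it cannot be represented exactly either; that is the sort of input the commit message describes as exceeding the limits of the pathops machinery. Rejecting it before any intersection work, as the guard does, turns the case into an ordinary failure rather than something the inner functions have no way to report.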

Comment 5 by bugdroid1@chromium.org (Project Member), Jun 8 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/27c0233b9d759b06b3e4e551a892e9613032198e

commit 27c0233b9d759b06b3e4e551a892e9613032198e
Author: skia-deps-roller <skia-deps-roller@chromium.org>
Date: Wed Jun 08 12:54:04 2016

Roll src/third_party/skia/ 2af4599b5..dae6b9770 (1 commit).

https://chromium.googlesource.com/skia.git/+log/2af4599b5c51..dae6b97705fd

$ git log 2af4599b5..dae6b9770 --date=short --no-merges --format='%ad %ae %s'
2016-06-08 caryclark fix pathops fuzz bugs

BUG=617586,617635

CQ_INCLUDE_TRYBOTS=tryserver.blink:linux_blink_rel
TBR=mtklein@google.com

Review-Url: https://codereview.chromium.org/2048983003
Cr-Commit-Position: refs/heads/master@{#398532}

[modify] https://crrev.com/27c0233b9d759b06b3e4e551a892e9613032198e/DEPS

Comment 6 by ClusterFuzz (Project Member), Jun 9 2016

ClusterFuzz has detected this issue as fixed in range 398496:398573.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5478104697143296

Fuzzer: attekett_dom_fuzzer
Job Type: linux_asan_chrome_mp
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  SkOpCoincidence::addExpanded
  HandleCoincidence
  Simplify
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=172836:173286
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=398496:398573

Minimized Testcase (0.40 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv944xm5OOIcX3S106h_5oKSmDIvgtmArTrvPvxez-4e-V6SkFAsfNtEgEMDV-yXLh1wq0dveNa8aydF641343OTPJeJsxFoVW44Bfg04at8l1L-vtlTktLDsdfr3-RDf7A3s_GCgzU8q2RHppaXBDuNx5xtDwg
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
<defs>
    <path id="star" d="m 100,0 60,10 -160,-110 200,0 -170,110 z" transform="translate(40,40)"/>
    <clipPath id="clip">
        <use xlink:href="#star"/>
        <use xlink:href="#star" transform="translate(444444440,40)"/>
    </clipPath>
</defs>
<rect height="300" width="300" style="fill:green;clip-path:url(#clip);"/>
</svg>


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Status: Fixed (was: Started)
Comment 8 by ClusterFuzz (Project Member), Jun 9 2016

ClusterFuzz has detected this issue as fixed in range 398520:398731.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5094219891081216

Fuzzer: attekett_dom_fuzzer
Job Type: linux_asan_chrome_media
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  SkOpCoincidence::addExpanded
  HandleCoincidence
  OpDebug
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_media&range=339260:339503
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_media&range=398520:398731

Minimized Testcase (0.69 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96EoHwRnEk1yZfWDNtryg5qVSZjk2wW0fNJHwIPt9qokVFhGkLiHx-A63I0cni2tdN5Ue5Cz_A2kIgRwwdufJ40Wk4hI6VLwCaMRb2TlzHBM0mRFiXrV3aYqEVi9cBS5g4awTwfK_ONGOzINzUKoQnbAK40DQ

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 9 Deleted

@caryclark: Thanks for the quick turnaround.

Thank you!
Comment 11 by sheriffbot@chromium.org (Project Member), Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
