
Issue 623022


Issue metadata

Status: Fixed
Owner:
Closed: Jul 2016
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug




Crash in next

Project Member Reported by ClusterFuzz, Jun 24 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6644779878449152

Fuzzer: libfuzzer_skia_pathop_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000018
Crash State:
  next
  SkOpPtT::contains
  SkOpCoincidence::addExpanded
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=401619:401727

Minimized Testcase (0.48 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96O9-1IzF4-7v0D3jx3moX0l2mc7G_LUm3aCFolZY172Y5E6Q02R5C2DrixuQqP1Cxj7F9GfBz4PhgCP6nEj1ZnqWee0m-bc1E_KDdD5T2wKqDlNnb0UM2aelytye9Xtz-s75bLUV1uuMdCgWt63H0FwHkdPQ?testcase_id=6644779878449152

Filer: msrchandra

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
 
Cc: caryclark@chromium.org
Labels: findit-wrong Te-Logged
Status: Untriaged (was: Available)
Unable to find the Culprit using CL, Code Search and findit.
CL details ::
https://chromium.googlesource.com/chromium/src/+log/7c7c0eb2a4166ab67530c1aa3ae3a465b9f1125b..805e13d4c5ebe2f1f76c5493c5ec4f44e9b3e364?pretty=fuller

Adding a related Dev in Cc; could someone please look into the issue and update?
Thank You.
Project Member

Comment 2 by bugdroid1@chromium.org, Jun 28 2016

The following revision refers to this bug:
  https://skia.googlesource.com/skia.git/+/3f0753d3eccece8ac7f02f6af36d66a96c3dfb26

commit 3f0753d3eccece8ac7f02f6af36d66a96c3dfb26
Author: caryclark <caryclark@google.com>
Date: Tue Jun 28 16:23:57 2016

fix fuzz bugs

Detect more places where the pathops numerics cause numbers
to become nearly identical and subsequently fail. These tests
have extreme inputs and cannot succeed.

Also remove the expectSuccess parameter from PathOpsDebug
and check instead in the test framework.

R=mbarbella@chromium.org
TBR=reed@google.com
BUG=623072,623022
GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=2103513002

Review-Url: https://codereview.chromium.org/2103513002

[modify] https://crrev.com/3f0753d3eccece8ac7f02f6af36d66a96c3dfb26/src/pathops/SkDConicLineIntersection.cpp
[modify] https://crrev.com/3f0753d3eccece8ac7f02f6af36d66a96c3dfb26/src/pathops/SkOpCoincidence.cpp
[modify] https://crrev.com/3f0753d3eccece8ac7f02f6af36d66a96c3dfb26/src/pathops/SkOpCoincidence.h
[modify] https://crrev.com/3f0753d3eccece8ac7f02f6af36d66a96c3dfb26/src/pathops/SkPathOpsCommon.cpp
[modify] https://crrev.com/3f0753d3eccece8ac7f02f6af36d66a96c3dfb26/src/pathops/SkPathOpsCommon.h
[modify] https://crrev.com/3f0753d3eccece8ac7f02f6af36d66a96c3dfb26/src/pathops/SkPathOpsConic.cpp
[modify] https://crrev.com/3f0753d3eccece8ac7f02f6af36d66a96c3dfb26/src/pathops/SkPathOpsOp.cpp
[modify] https://crrev.com/3f0753d3eccece8ac7f02f6af36d66a96c3dfb26/tests/PathOpsExtendedTest.cpp
[modify] https://crrev.com/3f0753d3eccece8ac7f02f6af36d66a96c3dfb26/tests/PathOpsExtendedTest.h
[modify] https://crrev.com/3f0753d3eccece8ac7f02f6af36d66a96c3dfb26/tests/PathOpsOpTest.cpp

Project Member

Comment 3 by bugdroid1@chromium.org, Jun 28 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/19ca72d44bb7abd0e87d0cc2c29eadeaa682b587

commit 19ca72d44bb7abd0e87d0cc2c29eadeaa682b587
Author: skia-deps-roller <skia-deps-roller@chromium.org>
Date: Tue Jun 28 19:20:46 2016

Roll src/third_party/skia/ 085cad4ab..3f0753d3e (3 commits).

https://chromium.googlesource.com/skia.git/+log/085cad4abcca..3f0753d3ecce

$ git log 085cad4ab..3f0753d3e --date=short --no-merges --format='%ad %ae %s'
2016-06-28 caryclark fix fuzz bugs
2016-06-28 robertphillips Address two fuzzer bugs:
2016-06-28 egdaniel Enable many more tests for Vulkan

BUG=623072,623022

CQ_INCLUDE_TRYBOTS=tryserver.blink:linux_blink_rel
TBR=benjaminwagner@google.com

Review-Url: https://codereview.chromium.org/2103163003
Cr-Commit-Position: refs/heads/master@{#402509}

[modify] https://crrev.com/19ca72d44bb7abd0e87d0cc2c29eadeaa682b587/DEPS

Comment 4 by sigbjo...@opera.com, Jun 29 2016

Components: Internals>Skia
Cc: -caryclark@chromium.org
Owner: caryclark@google.com
Status: Started (was: Untriaged)
Project Member

Comment 7 by ClusterFuzz, Jul 6 2016

ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6644779878449152

Fuzzer: libfuzzer_skia_pathop_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000018
Crash State:
  next
  SkOpPtT::contains
  SkOpCoincidence::addExpanded
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=401619:401727

Minimized Testcase (0.48 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96O9-1IzF4-7v0D3jx3moX0l2mc7G_LUm3aCFolZY172Y5E6Q02R5C2DrixuQqP1Cxj7F9GfBz4PhgCP6nEj1ZnqWee0m-bc1E_KDdD5T2wKqDlNnb0UM2aelytye9Xtz-s75bLUV1uuMdCgWt63H0FwHkdPQ?testcase_id=6644779878449152

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Status: Fixed (was: Started)
Project Member

Comment 9 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
