Use-of-uninitialized-value in containsCoincidence
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5748862103060480

Fuzzer: libfuzzer_skia_pathop_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  containsCoincidence
  SkOpCoincidence::mark
  HandleCoincidence

Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=401582:401636

Minimized Testcase (0.33 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95Z8yIVJHeL9136Ze0IsJMw24Hywxodl_9uDFVCRMAahg-FMNNhJpbjlGjiDWhXN4XbSgfn-UaI4BXjPGVitZMmp5KqEZOaOBljmstUmQ20VrjB1EMOuQa7bQ-0SQy1QI4m8ZaeU6ti0wsO7ZElDJZnKs8iIw?testcase_id=5748862103060480

Filer: mmoroz

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Jun 24 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4661294578008064

Fuzzer: libfuzzer_skia_pathop_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000060
Crash State:
  next
  SkOpCoincidence::apply
  HandleCoincidence

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=401619:401727

Minimized Testcase (0.29 Kb): https://cluster-fuzz.appspot.com/download/AMIfv965mFh6wZEnHIR6WwQNZHVhifPIOmZwHIQm4LJz3ML6Jo19HpZlHqM_TEPPg3xQEUkeQP5DIAxYgH69wSnrcsTpZlc4YLuzmVnrk64Uvc72tFnaKX9dK4tWbrjFC8kmmisg2AsfKpj95zqJObt4OgzGcjm3Kw?testcase_id=4661294578008064

Filer: mbarbella

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Jun 24 2016

Jun 25 2016

Jun 27 2016
Routing to caryclark@ - can you take a look at this please? It's not clear in the Skia diff range what would have triggered this.
Jun 27 2016
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Jun 27 2016
Cary, check out https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/README.md. This is a fuzzer unittest passing a binary blob to a function.
Jun 27 2016
Actually, I already had a test for this written from when I was poking at this bug. Didn't notice it got reassigned. https://codereview.chromium.org/2100963002/
Jun 28 2016

The following revision refers to this bug:
https://skia.googlesource.com/skia.git/+/3f0753d3eccece8ac7f02f6af36d66a96c3dfb26

commit 3f0753d3eccece8ac7f02f6af36d66a96c3dfb26
Author: caryclark <caryclark@google.com>
Date: Tue Jun 28 16:23:57 2016

fix fuzz bugs

Detect more places where the pathops numerics cause numbers to become nearly identical and subsequently fail. These tests have extreme inputs and cannot succeed.

Also remove the expectSuccess parameter from PathOpsDebug and check instead in the test framework.

R=mbarbella@chromium.org
TBR=reed@google.com
BUG=623072,623022
GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=2103513002

Review-Url: https://codereview.chromium.org/2103513002

[modify] https://crrev.com/3f0753d3eccece8ac7f02f6af36d66a96c3dfb26/src/pathops/SkDConicLineIntersection.cpp
[modify] https://crrev.com/3f0753d3eccece8ac7f02f6af36d66a96c3dfb26/src/pathops/SkOpCoincidence.cpp
[modify] https://crrev.com/3f0753d3eccece8ac7f02f6af36d66a96c3dfb26/src/pathops/SkOpCoincidence.h
[modify] https://crrev.com/3f0753d3eccece8ac7f02f6af36d66a96c3dfb26/src/pathops/SkPathOpsCommon.cpp
[modify] https://crrev.com/3f0753d3eccece8ac7f02f6af36d66a96c3dfb26/src/pathops/SkPathOpsCommon.h
[modify] https://crrev.com/3f0753d3eccece8ac7f02f6af36d66a96c3dfb26/src/pathops/SkPathOpsConic.cpp
[modify] https://crrev.com/3f0753d3eccece8ac7f02f6af36d66a96c3dfb26/src/pathops/SkPathOpsOp.cpp
[modify] https://crrev.com/3f0753d3eccece8ac7f02f6af36d66a96c3dfb26/tests/PathOpsExtendedTest.cpp
[modify] https://crrev.com/3f0753d3eccece8ac7f02f6af36d66a96c3dfb26/tests/PathOpsExtendedTest.h
[modify] https://crrev.com/3f0753d3eccece8ac7f02f6af36d66a96c3dfb26/tests/PathOpsOpTest.cpp
Jun 28 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6334545666506752

Fuzzer: libfuzzer_skia_pathop_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x00009fff800b
Crash State:
  containsCoincidence
  SkOpCoincidence::mark
  HandleCoincidence

Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=401619:401727

Minimized Testcase (0.49 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94v4Zxfny3uK6GgK6ChEshNk4BnLyj8941TUkwsIbt1iNW_NBwpm0zFY2CJMxugAHFKbjWPmaWS7PKraXLvYp2oxiaTyDFj8jEKjX7W_rWurUY_WSL-_wNaHTRviXIZ967ZREKdIV1ai07LZ1Hq3k-riPQNxw?testcase_id=6334545666506752

Filer: tanin

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Jun 28 2016

M53 is branching this week and will be promoted to Beta in July. Your bug is labelled as Beta ReleaseBlock, pls make sure to land the fix ASAP. Thank you.
Jun 28 2016

The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/19ca72d44bb7abd0e87d0cc2c29eadeaa682b587

commit 19ca72d44bb7abd0e87d0cc2c29eadeaa682b587
Author: skia-deps-roller <skia-deps-roller@chromium.org>
Date: Tue Jun 28 19:20:46 2016

Roll src/third_party/skia/ 085cad4ab..3f0753d3e (3 commits).

https://chromium.googlesource.com/skia.git/+log/085cad4abcca..3f0753d3ecce

$ git log 085cad4ab..3f0753d3e --date=short --no-merges --format='%ad %ae %s'
2016-06-28 caryclark fix fuzz bugs
2016-06-28 robertphillips Address two fuzzer bugs:
2016-06-28 egdaniel Enable many more tests for Vulkan

BUG=623072,623022
CQ_INCLUDE_TRYBOTS=tryserver.blink:linux_blink_rel
TBR=benjaminwagner@google.com

Review-Url: https://codereview.chromium.org/2103163003
Cr-Commit-Position: refs/heads/master@{#402509}

[modify] https://crrev.com/19ca72d44bb7abd0e87d0cc2c29eadeaa682b587/DEPS
Jun 28 2016

Jun 29 2016

ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5748862103060480

Fuzzer: libfuzzer_skia_pathop_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  containsCoincidence
  SkOpCoincidence::mark
  HandleCoincidence

Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=401582:401636

Minimized Testcase (0.33 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95Z8yIVJHeL9136Ze0IsJMw24Hywxodl_9uDFVCRMAahg-FMNNhJpbjlGjiDWhXN4XbSgfn-UaI4BXjPGVitZMmp5KqEZOaOBljmstUmQ20VrjB1EMOuQa7bQ-0SQy1QI4m8ZaeU6ti0wsO7ZElDJZnKs8iIw?testcase_id=5748862103060480

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jun 29 2016

ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5748862103060480

Fuzzer: libfuzzer_skia_pathop_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  containsCoincidence
  SkOpCoincidence::mark
  HandleCoincidence

Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=401582:401636

Minimized Testcase (0.33 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95Z8yIVJHeL9136Ze0IsJMw24Hywxodl_9uDFVCRMAahg-FMNNhJpbjlGjiDWhXN4XbSgfn-UaI4BXjPGVitZMmp5KqEZOaOBljmstUmQ20VrjB1EMOuQa7bQ-0SQy1QI4m8ZaeU6ti0wsO7ZElDJZnKs8iIw?testcase_id=5748862103060480

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jun 29 2016

ClusterFuzz has detected this issue as fixed in range 402433:402512.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6334545666506752

Fuzzer: libfuzzer_skia_pathop_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x00009fff800b
Crash State:
  containsCoincidence
  SkOpCoincidence::mark
  HandleCoincidence

Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=401619:401727
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=402433:402512

Minimized Testcase (0.49 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94v4Zxfny3uK6GgK6ChEshNk4BnLyj8941TUkwsIbt1iNW_NBwpm0zFY2CJMxugAHFKbjWPmaWS7PKraXLvYp2oxiaTyDFj8jEKjX7W_rWurUY_WSL-_wNaHTRviXIZ967ZREKdIV1ai07LZ1Hq3k-riPQNxw?testcase_id=6334545666506752

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jun 29 2016

Jun 29 2016

ClusterFuzz has detected this issue as fixed in range 402433:402512.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4661294578008064

Fuzzer: libfuzzer_skia_pathop_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000060
Crash State:
  next
  SkOpCoincidence::apply
  HandleCoincidence

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=401619:401727
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=402433:402512

Minimized Testcase (0.29 Kb): https://cluster-fuzz.appspot.com/download/AMIfv965mFh6wZEnHIR6WwQNZHVhifPIOmZwHIQm4LJz3ML6Jo19HpZlHqM_TEPPg3xQEUkeQP5DIAxYgH69wSnrcsTpZlc4YLuzmVnrk64Uvc72tFnaKX9dK4tWbrjFC8kmmisg2AsfKpj95zqJObt4OgzGcjm3Kw?testcase_id=4661294578008064

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jul 6 2016

Jul 6 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6017134966865920

Fuzzer: libfuzzer_skia_pathop_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  containsCoincidence
  SkOpCoincidence::mark
  HandleCoincidence

Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=401582:401636

Minimized Testcase (0.46 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95FMFgSUrWzPwgAzApkfzS2P5eqC0ryuJp_Yk26w1b2TwYsXHmz13r_fCf7D65kw5p50X9ZHfsN7unOVvuJHnGt1hA9bS8TW9QFUJoLvIs62vZYGbLk7bIEgbyMMiVP9LHI2aPT11aOqC7evTfxVC46EWSlxw?testcase_id=6017134966865920

Filer: mmoroz

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Jul 6 2016

Jul 6 2016

ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6017134966865920

Fuzzer: libfuzzer_skia_pathop_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  containsCoincidence
  SkOpCoincidence::mark
  HandleCoincidence

Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=401582:401636

Minimized Testcase (0.46 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95FMFgSUrWzPwgAzApkfzS2P5eqC0ryuJp_Yk26w1b2TwYsXHmz13r_fCf7D65kw5p50X9ZHfsN7unOVvuJHnGt1hA9bS8TW9QFUJoLvIs62vZYGbLk7bIEgbyMMiVP9LHI2aPT11aOqC7evTfxVC46EWSlxw?testcase_id=6017134966865920

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jul 6 2016

ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5748862103060480

Fuzzer: libfuzzer_skia_pathop_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  containsCoincidence
  SkOpCoincidence::mark
  HandleCoincidence

Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=401582:401636

Minimized Testcase (0.33 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95Z8yIVJHeL9136Ze0IsJMw24Hywxodl_9uDFVCRMAahg-FMNNhJpbjlGjiDWhXN4XbSgfn-UaI4BXjPGVitZMmp5KqEZOaOBljmstUmQ20VrjB1EMOuQa7bQ-0SQy1QI4m8ZaeU6ti0wsO7ZElDJZnKs8iIw?testcase_id=5748862103060480

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jul 8 2016

Jul 8 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5615026723618816

Fuzzer: libfuzzer_skia_pathop_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  containsCoincidence
  SkOpCoincidence::mark
  HandleCoincidence

Recommended Security Severity: Medium

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95XpLJ-FzvL1pS210o_I9YFjyGgnywQt8z6F9mOwwE7cpAi1YIGn4sJu1q86-IKIpYY-mhcDPusrf6vyKtM3Qe3uCSCQiKcKJhbvpvqhId8Y4OP8cWffMXb4bApWikN3wbUI4IG-YNExFhAysBwApgYDwVtBA?testcase_id=5615026723618816

Filer: mmoroz

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Jul 8 2016

Jul 19 2016

ClusterFuzz has detected this issue as fixed in range 406010:406169.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5615026723618816

Fuzzer: libfuzzer_skia_pathop_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  containsCoincidence
  SkOpCoincidence::mark
  HandleCoincidence

Recommended Security Severity: Medium

Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=406010:406169

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95XpLJ-FzvL1pS210o_I9YFjyGgnywQt8z6F9mOwwE7cpAi1YIGn4sJu1q86-IKIpYY-mhcDPusrf6vyKtM3Qe3uCSCQiKcKJhbvpvqhId8Y4OP8cWffMXb4bApWikN3wbUI4IG-YNExFhAysBwApgYDwVtBA?testcase_id=5615026723618816

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jul 26 2016

Removing ReleaseBlock-Beta as the fix is already in M53.
Oct 14 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by mbarbe...@chromium.org, Jun 24 2016
Status: Assigned (was: Available)