New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 626610 link

Starred by 1 user
Status: Verified
Owner:
mbarbe...@chromium.org
Closed: Jul 2016
Cc:
ssamanoori@chromium.org
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug-Regression



Sign in to add a comment

Crash in SkTSect<SkDConic, SkDQuad>::binarySearchCoin

Project Member Reported by ClusterFuzz, Jul 8 2016 
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6550191494922240

Fuzzer: afl_skia_pathop_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x0000000000a8
Crash State:
  SkTSect<SkDConic, SkDQuad>::binarySearchCoin
  SkTSect<SkDConic, SkDQuad>::extractCoincident
  SkTSect<SkDConic, SkDQuad>::BinarySearch
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=afl_chrome_asan&range=402185:402404

Minimized Testcase (0.09 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97HBMhu9K2SzPjnBMI1olG79yRB_LQAwEGPaZoQgGyPU6OAWZNKDz7fX2emBtlXDD-7TI0DA6FoNRDZVh2y-3A6j7NYt9QZK1GksO1jRm6BISYXSzuyr3NjAXNIf9jffwwrUCVOOlfQ_6X2wunWr1V_OVYlPQ?testcase_id=6550191494922240

Filer: ssamanoori

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by ssamanoori@chromium.org, Jul 8 2016

Cc: -ssamanoori@google.com ssamanoori@chromium.org
Components: Tools>Test>FindIt>NoResult
Labels: -Type-Bug Te-Logged M-53 Type-Bug-Regression
Owner: mbarbe...@chromium.org
Status: Assigned (was: Available)
Through code search on file 'skia_pathop_fuzzer.cc' suspecting the below
https://chromium.googlesource.com/chromium/src/+/d39a8d816bab5d9c7b572c1ef9e6a53224e0b0c9%5E%21/testing/libfuzzer/fuzzers/skia_pathop_fuzzer.cc

mbarbella@Could you please look into this issue if its related to your change,else please re assign it to an appropriate dev person.

Thanks,
Project Member

Comment 2 by sheriffbot@chromium.org, Jul 8 2016

Labels: -M-53 M-54 MovedFrom-53
Moving this nonessential bug to the next milestone.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 3 by ClusterFuzz, Jul 13 2016 

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5588809404383232

Fuzzer: afl_skia_pathop_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000070
Crash State:
  SkTSect<SkDConic, SkDQuad>::extractCoincident
  SkTSect<SkDConic, SkDQuad>::BinarySearch
  SkIntersections::intersect
  

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv96I2dm0Hr0rpCnhO_5vkGcMleZgNazvgxB-fq4M4k3Wn8-Q3i_Eq7w5j7OP2oardsV_tZZsKiZtUzAjSBZBWGi2vyMBUfYbJvum-0HOxuS_ZX2T4EkEPGNClDmQ46E6Rdg1oyDEgs6ReHLS2Nxsl9LZjFqi8Q?testcase_id=5588809404383232


Filer: mmohammad

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Project Member

Comment 4 by ClusterFuzz, Jul 15 2016 

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6186374176964608

Fuzzer: afl_skia_pathop_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x0000000000a8
Crash State:
  SkTSect<SkDConic, SkDQuad>::binarySearchCoin
  SkTSect<SkDConic, SkDQuad>::extractCoincident
  SkTSect<SkDConic, SkDQuad>::BinarySearch
  

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95LO0klom-v7R1rizwbgl_AHAk0_se4P2p_bu1GntvuRdTI381vmuCwpTNR3ASpenETb-L94wsG6QvDAppyAcirPQ5VhOmJWfKRWMlnyawHIga0EMUKZJxELRe-9oZthtrhL5I0zrVXMGKCw7dvMgaYH2KIzQ?testcase_id=6186374176964608


Filer: rnimmagadda

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Project Member

Comment 5 by ClusterFuzz, Jul 29 2016 

ClusterFuzz has detected this issue as fixed in range 406032:406205.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6186374176964608

Fuzzer: afl_skia_pathop_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x0000000000a8
Crash State:
  SkTSect<SkDConic, SkDQuad>::binarySearchCoin
  SkTSect<SkDConic, SkDQuad>::extractCoincident
  SkTSect<SkDConic, SkDQuad>::BinarySearch
  
Fixed: https://cluster-fuzz.appspot.com/revisions?job=afl_chrome_asan&range=406032:406205

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95LO0klom-v7R1rizwbgl_AHAk0_se4P2p_bu1GntvuRdTI381vmuCwpTNR3ASpenETb-L94wsG6QvDAppyAcirPQ5VhOmJWfKRWMlnyawHIga0EMUKZJxELRe-9oZthtrhL5I0zrVXMGKCw7dvMgaYH2KIzQ?testcase_id=6186374176964608


See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 6 by ClusterFuzz, Jul 29 2016 

ClusterFuzz has detected this issue as fixed in range 406032:406205.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5588809404383232

Fuzzer: afl_skia_pathop_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000070
Crash State:
  SkTSect<SkDConic, SkDQuad>::extractCoincident
  SkTSect<SkDConic, SkDQuad>::BinarySearch
  SkIntersections::intersect
  
Fixed: https://cluster-fuzz.appspot.com/revisions?job=afl_chrome_asan&range=406032:406205

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv96I2dm0Hr0rpCnhO_5vkGcMleZgNazvgxB-fq4M4k3Wn8-Q3i_Eq7w5j7OP2oardsV_tZZsKiZtUzAjSBZBWGi2vyMBUfYbJvum-0HOxuS_ZX2T4EkEPGNClDmQ46E6Rdg1oyDEgs6ReHLS2Nxsl9LZjFqi8Q?testcase_id=5588809404383232


See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 7 by ClusterFuzz, Jul 29 2016 

ClusterFuzz has detected this issue as fixed in range 406032:406205.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6550191494922240

Fuzzer: afl_skia_pathop_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x0000000000a8
Crash State:
  SkTSect<SkDConic, SkDQuad>::binarySearchCoin
  SkTSect<SkDConic, SkDQuad>::extractCoincident
  SkTSect<SkDConic, SkDQuad>::BinarySearch
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=afl_chrome_asan&range=402185:402404
Fixed: https://cluster-fuzz.appspot.com/revisions?job=afl_chrome_asan&range=406032:406205

Minimized Testcase (0.09 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97HBMhu9K2SzPjnBMI1olG79yRB_LQAwEGPaZoQgGyPU6OAWZNKDz7fX2emBtlXDD-7TI0DA6FoNRDZVh2y-3A6j7NYt9QZK1GksO1jRm6BISYXSzuyr3NjAXNIf9jffwwrUCVOOlfQ_6X2wunWr1V_OVYlPQ?testcase_id=6550191494922240

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 8 by ClusterFuzz, Jul 29 2016

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase is verified as fixed, closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Comment 9 by kateso...@chromium.org, Oct 18 2016

Components: -Tools>Test>FindIt>NoResult
Project Member

Comment 10 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment