Issue 627049

Issue metadata

Status: Verified
Owner: ----
Closed: Jul 2016
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug

isAccelerated() || isHibernating() in Canvas2DLayerBridge.cpp

Reported by ClusterFuzz (Project Member), Jul 11 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5500973934182400

Fuzzer: inferno_canvas_wrecker
Job Type: linux_debug_chrome
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  isAccelerated() || isHibernating() in Canvas2DLayerBridge.cpp
  blink::Canvas2DLayerBridge::mailboxReleased
  cc_blink::WebExternalTextureLayerImpl::DidReleaseMailbox
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_chrome&range=137628:137633

Minimized Testcase (0.43 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94Y8Xby4e0KYV1nE_qGwKiDMFALMZDs3cH65lhIEE_v0heGIcUwDAm3-a0hNrhi4UftU0-nxa7Z-7RWEC98yljKGT09UV_9ZuVx6OUENEU7Cpx8lJQuhoagZZ5OlINI0LaJS_JiuASbvFyTsNdsTSpbS5FldA?testcase_id=5500973934182400

Filer: kavvaru

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Components: Internals>GPU>Canvas2D
Labels: Needs-triage Te-Logged M-52
The stack trace does not have .cc or .cpp files to triage the issue. Hence leaving this bug in the available state.

Could anyone please look into this issue?

Thanks,
Comment 2 by ClusterFuzz (Project Member), Jul 14 2016

ClusterFuzz has detected this issue as fixed in range 404895:404947.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5500973934182400

Fuzzer: inferno_canvas_wrecker
Job Type: linux_debug_chrome
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  isAccelerated() || isHibernating() in Canvas2DLayerBridge.cpp
  blink::Canvas2DLayerBridge::mailboxReleased
  cc_blink::WebExternalTextureLayerImpl::DidReleaseMailbox
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_chrome&range=137628:137633
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_debug_chrome&range=404895:404947

Minimized Testcase (0.43 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv94Y8Xby4e0KYV1nE_qGwKiDMFALMZDs3cH65lhIEE_v0heGIcUwDAm3-a0hNrhi4UftU0-nxa7Z-7RWEC98yljKGT09UV_9ZuVx6OUENEU7Cpx8lJQuhoagZZ5OlINI0LaJS_JiuASbvFyTsNdsTSpbS5FldA?testcase_id=5500973934182400
><canvas id='canvas1' width=1673px<source</video><script>
var C = document.getElementById('canvas1');
var Z = C.getContext('2d');
var scriptStrs = ['Z.scale(7, 0.238586)',
'Z.getImageData(-2.16034165948, 0.721682, 91, -7)',
'Z.fillText("[! ꏕ숴ᇄX`萭깪b譇", 5.33840290305, 0.222201, -7.76203459841, 0.907757)'];
var index = 0; function execute() {; try { eval(scriptStrs[index++]); } catch(e) {}}
setInterval(execute);</script>


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 3 by ClusterFuzz (Project Member), Jul 14 2016

Labels: ClusterFuzz-Verified
Status: Verified (was: Available)
ClusterFuzz testcase is verified as fixed, closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 4 by sheriffbot@chromium.org (Project Member), Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
