Issue metadata
Crash in MaskSuperBlitter::blitH
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5913512723611648
Fuzzer: afl_skia_path_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x7f56b90a01c4
Crash State:
  MaskSuperBlitter::blitH
  walk_convex_edges
  sk_fill_path
Recommended Security Severity: Medium
Regressed: https://cluster-fuzz.appspot.com/revisions?job=afl_chrome_asan&range=402185:402404
Minimized Testcase (0.04 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97zUc8bnAhpZTyKUbBZ8TcWt1EMaBqZPVeW87D6E47z3CQK0s-jW1KReHCvcE1GorXAiOh-guLTtsbkW2AUWVbqVHcjJ4DtqxsBGgg5aiX2sA7nXYDSdShe-RxWZoJLaLmAnffzk9y4oQzlaBt_dBCxD-EA2A?testcase_id=5913512723611648
Filer: mmoroz

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Jul 12 2016
I don't see the command line reproduction for this one either. Also, please use my google.com address when assigning bugs to me. Thanks
,
Jul 12 2016
,
Jul 12 2016
,
Jul 12 2016
I apologize for appearing dense but each time I get one of these bugs I have to re-learn the steps to repro. I see that if I follow enough links I get generic information about 'Clusterfuzz Local Reproduction' and 'Reproducing ClusterFuzz bugs' but to say these instructions are obtuse is an understatement. It would be great if, in addition to generating a bug report, the clusterfuzz test suite also generated an executable script, that, given an environment that has previously been setup to reproduce a clusterfuzz bug, repros this bug. Thanks for any assistance you can provide.
,
Jul 12 2016
Thanks for the feedback! Instructions are there: https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md#Reproducing-AFL-ASan-bugs. How to simplify the reproduction is a good thing to think about.
,
Jul 13 2016
,
Jul 13 2016
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jul 13 2016
,
Jul 13 2016
,
Jul 13 2016
The following revision refers to this bug: https://skia.googlesource.com/skia.git/+/b1b12f8666a48b8ff1367beed97bc84032552ac8

commit b1b12f8666a48b8ff1367beed97bc84032552ac8
Author: reed <reed@google.com>
Date: Wed Jul 13 17:56:53 2016

handle large conic weights

BUG= 627414
GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=2142393003

Review-Url: https://codereview.chromium.org/2142393003

[modify] https://crrev.com/b1b12f8666a48b8ff1367beed97bc84032552ac8/include/core/SkPoint.h
[modify] https://crrev.com/b1b12f8666a48b8ff1367beed97bc84032552ac8/src/core/SkGeometry.cpp
[modify] https://crrev.com/b1b12f8666a48b8ff1367beed97bc84032552ac8/tests/GeometryTest.cpp
[modify] https://crrev.com/b1b12f8666a48b8ff1367beed97bc84032552ac8/tests/PathTest.cpp
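The fix above is titled "handle large conic weights" and lands in SkGeometry.cpp, the file that splits a path's conic segments into quads before the edge builder and the supersampling blitter see them. The example below is an added illustration written for this page, not Skia's code and not the patch itself: it reimplements the standard midpoint subdivision of a rational quadratic in plain float arithmetic, shows that a sufficiently large weight overflows the weighted control point to inf (and from there to NaN), and wraps the split in a finiteness check with a fallback. The struct and function names, the concrete fallback of pinning the interior points to the input control point, and the reading that non-finite coordinates reaching walk_convex_edges explain the out-of-range read in MaskSuperBlitter::blitH are assumptions made for the example, not facts stated in this bug.

```cpp
#include <cmath>
#include <cstdio>

// Added illustration (not Skia code): a conic (rational quadratic Bezier)
// with control points pts[0..2] and weight w, split at t = 1/2.
struct Pt { float x, y; };
struct Conic { Pt pts[3]; float w; };

static bool allFinite(const Pt* p, int n) {
    for (int i = 0; i < n; ++i) {
        if (!std::isfinite(p[i].x) || !std::isfinite(p[i].y)) return false;
    }
    return true;
}

// Standard midpoint subdivision of a rational quadratic. Arithmetic is kept in
// float on purpose: w * p1 overflows to inf once w * |p1| exceeds FLT_MAX, and
// inf * (1 / (1 + w)) then yields inf or NaN for the new control points.
static void chopConic(const Conic& src, Conic dst[2]) {
    const float scale = 1.0f / (1.0f + src.w);
    const float newW = std::sqrt(0.5f * (1.0f + src.w));
    const Pt p0 = src.pts[0], p1 = src.pts[1], p2 = src.pts[2];
    const Pt wp1 = { src.w * p1.x, src.w * p1.y };
    const Pt m = { (p0.x + 2.0f * wp1.x + p2.x) * scale * 0.5f,
                   (p0.y + 2.0f * wp1.y + p2.y) * scale * 0.5f };
    dst[0].pts[0] = p0;
    dst[0].pts[1] = { (p0.x + wp1.x) * scale, (p0.y + wp1.y) * scale };
    dst[0].pts[2] = m;
    dst[1].pts[0] = m;
    dst[1].pts[1] = { (wp1.x + p2.x) * scale, (wp1.y + p2.y) * scale };
    dst[1].pts[2] = p2;
    dst[0].w = dst[1].w = newW;
}

// Split into two quads (5 points: p0, c0, mid, c1, p2) and validate the result
// before it reaches a rasterizer. Returns true if the split was finite.
// Hypothetical fallback chosen for this example: on a non-finite result, pin
// the interior points to the original control point, which lies inside the
// input's convex hull, so the caller still receives bounded coordinates.
static bool chopConicChecked(const Conic& src, Pt out[5]) {
    Conic dst[2];
    chopConic(src, dst);
    out[0] = dst[0].pts[0];
    out[1] = dst[0].pts[1];
    out[2] = dst[0].pts[2];
    out[3] = dst[1].pts[1];
    out[4] = dst[1].pts[2];
    if (allFinite(out, 5)) return true;
    out[1] = out[2] = out[3] = src.pts[1];
    return false;
}

// Invariant a scan converter relies on: every generated point lies within the
// bounding box of the source control points. Note that this check alone does
// not catch NaN, because every comparison against NaN is false; that is why
// the finiteness test above runs first.
static bool withinHullBounds(const Conic& src, const Pt* p, int n) {
    float minX = src.pts[0].x, maxX = minX, minY = src.pts[0].y, maxY = minY;
    for (int i = 1; i < 3; ++i) {
        minX = std::fmin(minX, src.pts[i].x); maxX = std::fmax(maxX, src.pts[i].x);
        minY = std::fmin(minY, src.pts[i].y); maxY = std::fmax(maxY, src.pts[i].y);
    }
    for (int i = 0; i < n; ++i) {
        if (p[i].x < minX || p[i].x > maxX || p[i].y < minY || p[i].y > maxY) return false;
    }
    return true;
}

int main() {
    // Constructed inputs: an ordinary conic, and one whose weight is close to FLT_MAX.
    const Conic sane = { { {0, 0}, {2, 2}, {4, 0} }, 1.0f };
    const Conic huge = { { {0, 0}, {1000, 1000}, {2000, 0} }, 3e38f };
    Pt out[5];
    std::printf("w=1:    finite=%d\n", chopConicChecked(sane, out));
    std::printf("w=3e38: finite=%d within-hull=%d\n",
                chopConicChecked(huge, out), withinHullBounds(huge, out, 5));
    return 0;
}
```

The practical check this suggests for any path consumer that accepts untrusted geometry (the afl_skia_path_fuzzer feeds arbitrary serialized paths, so weights are attacker-controlled): validate finiteness after every subdivision step rather than only on the input, because finite inputs can still produce non-finite intermediates, and a bounds test on its own silently passes NaN.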
,
Jul 13 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/147aa480f8470165482f39f14a41bf82372096dd

commit 147aa480f8470165482f39f14a41bf82372096dd
Author: skia-deps-roller <skia-deps-roller@chromium.org>
Date: Wed Jul 13 21:40:54 2016

Roll src/third_party/skia/ 9199a9fef..82945560e (15 commits).

https://chromium.googlesource.com/skia.git/+log/9199a9fef989..82945560e61f

$ git log 9199a9fef..82945560e --date=short --no-merges --format='%ad %ae %s'
2016-07-13 bungeman Disable embedded bitmap test on iOS.
2016-07-13 reed handle large conic weights
2016-07-13 senorblanco Fix vertex count estimate in GrTessellator.
2016-07-13 csmartdalton Add resource provider flag to avoid client-side buffers
2016-07-13 mtklein Turn back on nanobench on Debug trybots.
2016-07-13 robertphillips Retract PipelineBuilder from GrClip::apply
2016-07-13 brianosman Never allow dither for non-legacy (sRGB or F16) targets.
2016-07-13 mtklein Revert "Added the framework for having canvas/recorder/picture record depth_set's."
2016-07-13 csmartdalton Fix various issues with instanced rendering precision
2016-07-13 csmartdalton Replace switch statements in instanced vertex shaders
2016-07-13 csmartdalton Fix GL shader sources getting truncated by ADB log
2016-07-13 vjiaoblack Added the framework for having canvas/recorder/picture record depth_set's. GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=2127233002
2016-07-13 mtklein SkRasterPipeline: simplify impl and remove need to rewire stages
2016-07-13 msarett Try blacklisting RAW images on Nexus 9
2016-07-13 mtklein Update SkOpts namespaces.

BUG= 627414
CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_blink_rel
TBR=msarett@google.com

Review-Url: https://codereview.chromium.org/2149723002
Cr-Commit-Position: refs/heads/master@{#405301}

[modify] https://crrev.com/147aa480f8470165482f39f14a41bf82372096dd/DEPS
,
Jul 14 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6514671813394432
Fuzzer: afl_skia_path_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x7f3231aaa9b9
Crash State:
  MaskSuperBlitter::blitH
  walk_convex_edges
  sk_fill_path
Recommended Security Severity: Medium
Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97mbnhWRIsQq8xsjYLPrN3yFBO0s01Qe_0ZdsfV_xRUirvYQ72PGRGgn2Jbklp2VhIEA2QbsvjePtl8kpSwMMhXe2752CMg4GyBxDuN68uufO-Dd5-qC362x-8CJVjRKcGrKKHQTn-gaNgHbK09R0vvPHy3ow?testcase_id=6514671813394432
Filer: mmoroz

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Jul 14 2016
M53 beta launch is coming soon. Your bug is labelled as Beta ReleaseBlock, please make sure to land the fix before 6:00 PM PST, Monday (07/18/16). Thank you.
,
Jul 19 2016
M53 beta launch is next week. Your bug is labelled as Beta ReleaseBlock, please make sure to land the fix before 6:00 PM PST, Friday (07/22/16). Thank you.
,
Jul 21 2016
,
Jul 21 2016
,
Jul 21 2016
I'm afraid sheriffbot's label changes were a hiccup - this is still a blocker for Friday's M53.
,
Jul 22 2016
,
Jul 22 2016
,
Jul 22 2016
,
Jul 23 2016
,
Jul 25 2016
The following revision refers to this bug: https://skia.googlesource.com/skia.git/+/d520f1452febbacea56a602d128131841f2fe693

commit d520f1452febbacea56a602d128131841f2fe693
Author: reed <reed@google.com>
Date: Mon Jul 25 16:37:27 2016

cherry-pick fix for large conic weights
https://codereview.chromium.org/2142393003

BUG= 627414
GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=2174413002
NOTREECHECKS=true
NOTRY=true
NOPRESUBMIT=true
TBR=caryclark@google.com

Review-Url: https://codereview.chromium.org/2174413002

[modify] https://crrev.com/d520f1452febbacea56a602d128131841f2fe693/include/core/SkPoint.h
[modify] https://crrev.com/d520f1452febbacea56a602d128131841f2fe693/src/core/SkGeometry.cpp
[modify] https://crrev.com/d520f1452febbacea56a602d128131841f2fe693/tests/GeometryTest.cpp
[modify] https://crrev.com/d520f1452febbacea56a602d128131841f2fe693/tests/PathTest.cpp
,
Jul 26 2016
ClusterFuzz has detected this issue as fixed in range 405208:405387.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6514671813394432
Fuzzer: afl_skia_path_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x7f3231aaa9b9
Crash State:
  MaskSuperBlitter::blitH
  walk_convex_edges
  sk_fill_path
Recommended Security Severity: Medium
Fixed: https://cluster-fuzz.appspot.com/revisions?job=afl_chrome_asan&range=405208:405387
Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97mbnhWRIsQq8xsjYLPrN3yFBO0s01Qe_0ZdsfV_xRUirvYQ72PGRGgn2Jbklp2VhIEA2QbsvjePtl8kpSwMMhXe2752CMg4GyBxDuN68uufO-Dd5-qC362x-8CJVjRKcGrKKHQTn-gaNgHbK09R0vvPHy3ow?testcase_id=6514671813394432

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Jul 26 2016
reed: Uh oh! This issue still open and hasn't been updated in the last 14 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers? If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one? If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jul 26 2016
Please mark security bugs as fixed as soon as the fix lands, and before requesting merges. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jul 27 2016
,
Jul 27 2016
,
Nov 2 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by mmoroz@chromium.org, Jul 12 2016
Components: Internals>Skia
Labels: -Stability-Libfuzzer Pri-2
Owner: caryclark@chromium.org