
Issue 627761


Issue metadata

Status: Fixed
Owner:
Closed: Jul 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug




Crash in next inside SkOpCoincidence::apply

Project Member Reported by ClusterFuzz, Jul 13 2016

Issue description

Components: Internals>Skia
Labels: Needs-triage Te-Logged M-53
Findit could not find any suspected CLs.

Suspected Project: chromium

The .cc and .cpp files are not accessible to codesearch. Hence leaving this bug in available state.

Could anyone please look into this issue?

Thanks,
Project Member

Comment 2 by sheriffbot@chromium.org, Jul 13 2016

Labels: -M-53 M-54 MovedFrom-53
Moving this nonessential bug to the next milestone.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Cc: caryclark@chromium.org
Status: Untriaged (was: Available)
Status: Started (was: Untriaged)
Skia repro case:

static void fuzz763_2(skiatest::Reporter* reporter, const char* filename) {
    SkPath path;
    path.setFillType((SkPath::FillType) 1);  // kEvenOdd_FillType

    // path1 is an empty path; path2 (below) carries the fuzzer-generated geometry.
    SkPath path1(path);
    path.reset();
    path.setFillType((SkPath::FillType) 0);  // kWinding_FillType
    path.moveTo(SkBits2Float(0x5b292d55), SkBits2Float(0x212a8c55));  // 4.76191e+16f, 5.7784e-19f
    path.moveTo(SkBits2Float(0x3b21081f), SkBits2Float(0x4b7bc003));  // 0.00245715f, 1.64987e+07f
    path.lineTo(SkBits2Float(0x2a8ced7a), SkBits2Float(0x21081f21));  // 2.50338e-13f, 4.61198e-19f
    path.conicTo(SkBits2Float(0x6a3a7bc0), SkBits2Float(0x4721ed7a), SkBits2Float(0x282a3a21), SkBits2Float(0x3a21df28), SkBits2Float(0x4f9a3a8a));  // 5.63611e+25f, 41453.5f, 9.4495e-15f, 0.000617492f, 5.17506e+09f
    path.lineTo(SkBits2Float(0x3b21081f), SkBits2Float(0x4b7bc003));  // 0.00245715f, 1.64987e+07f
    path.close();
    path.moveTo(SkBits2Float(0x3b21081f), SkBits2Float(0x4b7bc003));  // 0.00245715f, 1.64987e+07f
    path.cubicTo(SkBits2Float(0x273ac23a), SkBits2Float(0x1d2a2928), SkBits2Float(0x63962be6), SkBits2Float(0x272a812a), SkBits2Float(0x295b2d29), SkBits2Float(0x29685568));  // 2.5918e-15f, 2.25206e-21f, 5.54035e+21f, 2.36623e-15f, 4.86669e-14f, 5.15884e-14f
    path.lineTo(SkBits2Float(0x081f2a21), SkBits2Float(0x7bc00321));  // 4.78968e-34f, 1.99397e+36f
    path.lineTo(SkBits2Float(0x282a3a21), SkBits2Float(0x3a21df28));  // 9.4495e-15f, 0.000617492f
    path.lineTo(SkBits2Float(0x3b21081f), SkBits2Float(0x4b7bc003));  // 0.00245715f, 1.64987e+07f
    path.close();
    path.moveTo(SkBits2Float(0x3b21081f), SkBits2Float(0x4b7bc003));  // 0.00245715f, 1.64987e+07f
    path.quadTo(SkBits2Float(0x8a4fc29a), SkBits2Float(0x3ab3283a), SkBits2Float(0x1d2a2928), SkBits2Float(0x43962be6));  // -1.00033e-32f, 0.00136686f, 2.25206e-21f, 300.343f
    path.moveTo(SkBits2Float(0x5b2d2a81), SkBits2Float(0x29276829));  // 4.87419e+16f, 3.71718e-14f
    path.conicTo(SkBits2Float(0x1e2ab03a), SkBits2Float(0x2920213b), SkBits2Float(0x3b3ac527), SkBits2Float(0xc422333b), SkBits2Float(0x6c2a9f1f));  // 9.03617e-21f, 3.5556e-14f, 0.00284989f, -648.8f, 8.25075e+26f
    path.quadTo(SkBits2Float(0xc25d2757), SkBits2Float(0x3a705921), SkBits2Float(0x2a105152), SkBits2Float(0x28d91210));  // -55.2884f, 0.000916855f, 1.2818e-13f, 2.40997e-14f
    path.quadTo(SkBits2Float(0x68295b2d), SkBits2Float(0x2d296855), SkBits2Float(0x2a8c555b), SkBits2Float(0x081f2a21));  // 3.19905e+24f, 9.6297e-12f, 2.49282e-13f, 4.78968e-34f
    path.lineTo(SkBits2Float(0x5b2d2a81), SkBits2Float(0x29276829));  // 4.87419e+16f, 3.71718e-14f
    path.close();
    path.moveTo(SkBits2Float(0x5b2d2a81), SkBits2Float(0x29276829));  // 4.87419e+16f, 3.71718e-14f
    path.conicTo(SkBits2Float(0x6a4b7bc0), SkBits2Float(0x2a8ced7a), SkBits2Float(0x21081f21), SkBits2Float(0xcb7bc003), SkBits2Float(0x47ed7a6a));  // 6.14991e+25f, 2.50338e-13f, 4.61198e-19f, -1.64987e+07f, 121589
    path.lineTo(SkBits2Float(0x5b2d2a81), SkBits2Float(0x29276829));  // 4.87419e+16f, 3.71718e-14f
    path.close();
    path.moveTo(SkBits2Float(0x5b2d2a81), SkBits2Float(0x29276829));  // 4.87419e+16f, 3.71718e-14f
    path.quadTo(SkBits2Float(0xdf28282a), SkBits2Float(0x2d8a3a21), SkBits2Float(0x5b682b68), SkBits2Float(0x5b292d55));  // -1.2117e+19f, 1.57146e-11f, 6.53499e+16f, 4.76191e+16f
    path.lineTo(SkBits2Float(0x2a212a8c), SkBits2Float(0x0321081f));  // 1.43144e-13f, 4.7323e-37f
    path.conicTo(SkBits2Float(0x7a6a4b7b), SkBits2Float(0x212a8ced), SkBits2Float(0x0321081f), SkBits2Float(0x6a3a7bc0), SkBits2Float(0x3a21477a));  // 3.04132e+35f, 5.77848e-19f, 4.7323e-37f, 5.63611e+25f, 0.000615231f
    path.moveTo(SkBits2Float(0x21df2828), SkBits2Float(0x9a3a8a3a));  // 1.51217e-18f, -3.85756e-23f
    path.quadTo(SkBits2Float(0x3ab38a28), SkBits2Float(0x28273ac2), SkBits2Float(0xe61d2a29), SkBits2Float(0x2a63962b));  // 0.00136978f, 9.2831e-15f, -1.85547e+23f, 2.02138e-13f
    path.conicTo(SkBits2Float(0x2d29272a), SkBits2Float(0x5568295b), SkBits2Float(0x5b2d2968), SkBits2Float(0x5b2d6829), SkBits2Float(0x212a8c55));  // 9.61523e-12f, 1.5954e+13f, 4.87407e+16f, 4.88097e+16f, 5.7784e-19f
    path.moveTo(SkBits2Float(0x0321081f), SkBits2Float(0x6a4b7bc0));  // 4.7323e-37f, 6.14991e+25f
    path.conicTo(SkBits2Float(0x3a2147ed), SkBits2Float(0xdf28282a), SkBits2Float(0x3a8a3a21), SkBits2Float(0x8a284f9a), SkBits2Float(0x3ac23ab3));  // 0.000615238f, -1.2117e+19f, 0.00105459f, -8.10388e-33f, 0.00148185f
    path.lineTo(SkBits2Float(0x0321081f), SkBits2Float(0x6a4b7bc0));  // 4.7323e-37f, 6.14991e+25f
    path.close();

    SkPath path2(path);
    testPathOp(reporter, path1, path2, (SkPathOp) 4, filename);  // kReverseDifference_SkPathOp
}

Project Member

Comment 5 by ClusterFuzz, Jul 13 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6275998467489792

Fuzzer: afl_skia_pathop_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000060
Crash State:
  SkOpCoincidence::apply
  HandleCoincidence
  OpDebug
  

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94vJXbP55bTIXRUcwJvE7CJQGuxJkWZwIaiEVPLz8k1rp1tVUOf-O1TivVnG2tWLGZ4twP6UtHigfWUAZWbLaE02A_3of7iVZd6E-gj09ZF44UN-IyEooDno072pCI6x34Z3QdxQ_aJAjGuMCRAYC0y_2QlTQ?testcase_id=6275998467489792


Filer: mmohammad

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 6 by hcm@chromium.org, Jul 14 2016

Cc: -caryclark@chromium.org
Owner: caryclark@chromium.org
Project Member

Comment 7 by ClusterFuzz, Jul 14 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6622463949799424

Fuzzer: afl_skia_pathop_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000060
Crash State:
  SkOpCoincidence::apply
  HandleCoincidence
  Simplify
  

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv957NGvHqeMKak0khTyJ-49NR5yTAkxZY8k1u2VowB-tLnRWdRw8jZkPDzXsHITJGu1Q-eoByQIPKG5GNoJwm5Hs2uJHiG3uL7nlMY7brfLw9ZPxNEIp_aKs9JSw5j-34t6lweKLiqi4mVkXSqngmLn7NsmZaQ?testcase_id=6622463949799424


Filer: mmohammad

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Project Member

Comment 8 by ClusterFuzz, Jul 15 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6251763980304384

Fuzzer: afl_skia_pathop_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000060
Crash State:
  SkOpCoincidence::apply
  HandleCoincidence
  OpDebug
  

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94A6MT14UKnipsj9jdq7_8p5WYOaBwQYMh-CDDTh5gPHIo29_xjPqO30itQ07TYI1zR2wmdwkAxaf3ssxqtBNubiI30-eaBSHTN4pvKyCZJ2cjQ4b07xT_0qy4PuK9s2_a-yR5JSQfF-3hdxgH1JkBRr_4OgQ?testcase_id=6251763980304384


Filer: rnimmagadda

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Project Member

Comment 9 by ClusterFuzz, Jul 15 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4995946077487104

Fuzzer: afl_skia_pathop_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000060
Crash State:
  SkOpCoincidence::apply
  HandleCoincidence
  OpDebug
  

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94o0MycFOC7wvJ7qEdKLGN9w5ZmcpD0wPUOusVWhl8dytab43RXgSuwP6zQolJEmlhK99JvKMacX2CmvQ-BxzjwNAcWZMr_RpXlwTFZvOw_z7hYMUiw_Mj6TelF0j66tS_sD7JEYqBTcNIx6_f2Jugp0YNgrw?testcase_id=4995946077487104


Filer: mmohammad

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Labels: -Needs-triage
Summary: Crash in next inside SkOpCoincidence::apply (was: Crash in next)
Project Member

Comment 11 by ClusterFuzz, Jul 19 2016

ClusterFuzz has detected this issue as fixed in range 405990:406128.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6240998326009856

Fuzzer: libfuzzer_skia_pathop_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000060
Crash State:
  next
  SkOpCoincidence::apply
  HandleCoincidence
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=401619:401727
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=405990:406128

Minimized Testcase (0.48 Kb): https://cluster-fuzz.appspot.com/download/AMIfv943sjxDSrCw49nim-tZ9q1ztoV9D4s93_Wc5ISeN4xy7ewMsWtDyIyjv5aOjtJx07Y82Bh4GJYRlyd96ahxf3OjC441LzaTl_1FFYQukm5D_NHTgttCbUe8KsI47X6BoBryjRmJy04nsa34DXfYabLD2sZ_dg?testcase_id=6240998326009856

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Cc: caryclark@chromium.org
Owner: caryclark@google.com
Status: Fixed (was: Started)
Project Member

Comment 14 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
