Issue metadata
Sign in to add a comment
|
Crash in SkPixelRef::SkPixelRef |
||||||||||||||||||||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=6622397663019008 Fuzzer: sugoi_filter_fuzzer Job Type: linux_asan_filter_fuzz_stub_32bit Platform Id: linux Crash Type: UNKNOWN WRITE Crash Address: 0x00000004 Crash State: SkPixelRef::SkPixelRef SkMallocPixelRef::NewZeroed SkSpecialSurface::MakeRaster Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_filter_fuzz_stub_32bit&range=357565:358520 Minimized Testcase (0.23 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95Z6dktJrLTIY0ixdqR_dA6U5K4bu93L6_d5dY0RZE3pW0QTIOQxyf3tEI6gyfKiFYmaqpHnpJ-vfreWfk3W8yJha4fd9rXr7ihbEnPTRnKV7tyPAsL-yv0d2VFK3hddTFPl0yk72jp6yZmFjx4XDblL6eSUA?testcase_id=6622397663019008 Filer: kavvaru See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Jul 13 2016
Looks like the same as 623669. We've also seen this in 626980, where calloc is not involved. We see the same problem through both SkMallocPixelRef::NewAllocate and SkMallocPixelRef::NewZeroed.
,
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jul 13 2017
ClusterFuzz has detected this issue as fixed in range 485950:486007. Detailed report: https://clusterfuzz.com/testcase?key=6622397663019008 Fuzzer: sugoi_filter_fuzzer Job Type: linux_asan_filter_fuzz_stub_32bit Platform Id: linux Crash Type: Null-dereference WRITE Crash Address: 0x00000004 Crash State: SkPixelRef::SkPixelRef SkMallocPixelRef::MakeZeroed SkSpecialSurface::MakeRaster Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=linux_asan_filter_fuzz_stub_32bit&range=357565:358520 Fixed: https://clusterfuzz.com/revisions?job=linux_asan_filter_fuzz_stub_32bit&range=485950:486007 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6622397663019008 See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page. |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by kavvaru@chromium.org
, Jul 13 2016Labels: Te-Logged M-53
Owner: mtklein@chromium.org
Status: Assigned (was: Available)