Heap-buffer-overflow in SuperBlitter::blitH
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4863802214711296

Fuzzer: afl_skia_path_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x60dfffffcd74
Crash State:
  SuperBlitter::blitH
  sk_fill_path
  SkScan::AntiFillPath

Recommended Security Severity: Medium

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95LXgLOEvXjMtsIb_UkfLYgG8Svo1vLUk-tehOUn_br_hGteJHmpUayXNh_z_umeWut0AyjtifxwfGvs8eQv4YsQmpRK9bUeg8XH_nci0ci80CHo0OsrHUtGj1qfSFTalL7EdTSQuioGoYv6ZEIIBUpPstx8g?testcase_id=4863802214711296

Filer: mmoroz

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jul 19 2016
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Jul 19 2016
M53 beta launch is next week. Your bug is labelled as Beta ReleaseBlock, pls make sure to land the fix before 6:00 PM PST, Friday (07/22/16). Thank you.
Jul 20 2016
The following revision refers to this bug:
  https://skia.googlesource.com/skia.git/+/158fabb071f2cb275bc88c139e88e8eb3bf140ee

commit 158fabb071f2cb275bc88c139e88e8eb3bf140ee
Author: reed <reed@google.com>
Date: Wed Jul 20 17:06:59 2016

re-chop if we fail on a big-bad-cubic

BUG= 629455
GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=2159223005

Review-Url: https://codereview.chromium.org/2159223005

[modify] https://crrev.com/158fabb071f2cb275bc88c139e88e8eb3bf140ee/src/core/SkEdgeClipper.cpp
[modify] https://crrev.com/158fabb071f2cb275bc88c139e88e8eb3bf140ee/tests/PathTest.cpp
Jul 20 2016
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/8a4804e5955fa16df51c669de5c2871e4446695b

commit 8a4804e5955fa16df51c669de5c2871e4446695b
Author: skia-deps-roller <skia-deps-roller@chromium.org>
Date: Wed Jul 20 19:22:42 2016

Roll src/third_party/skia/ ea70c4bb2..f2944815e (3 commits).

https://chromium.googlesource.com/skia.git/+log/ea70c4bb2239..f2944815e5e4

$ git log ea70c4bb2..f2944815e --date=short --no-merges --format='%ad %ae %s'
2016-07-20 kjlubick Add vulkan sdk to CIPD
2016-07-20 reed re-chop if we fail on a big-bad-cubic
2016-07-20 bungeman Improve assert reporting.

BUG= 629455

CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_blink_rel
TBR=jcgregorio@google.com

Review-Url: https://codereview.chromium.org/2164053002
Cr-Commit-Position: refs/heads/master@{#406636}

[modify] https://crrev.com/8a4804e5955fa16df51c669de5c2871e4446695b/DEPS
Jul 21 2016
I'm afraid sheriffbot's label changes were a hiccup - this is still a blocker for Friday's M53. Any remaining actions before marking as fixed and requesting merge?
Jul 25 2016
The following revision refers to this bug:
  https://skia.googlesource.com/skia.git/+/262ceef9c241f4dd8f505acbef586423d239874f

commit 262ceef9c241f4dd8f505acbef586423d239874f
Author: reed <reed@google.com>
Date: Mon Jul 25 15:46:18 2016

cherry-pick https://codereview.chromium.org/2159223005

BUG= 629455
GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=2174383002
NOTREECHECKS=true
NOTRY=true
NOPRESUBMIT=true

Review-Url: https://codereview.chromium.org/2174383002

[modify] https://crrev.com/262ceef9c241f4dd8f505acbef586423d239874f/src/core/SkEdgeClipper.cpp
[modify] https://crrev.com/262ceef9c241f4dd8f505acbef586423d239874f/tests/PathTest.cpp
Jul 26 2016
Please mark security bugs as fixed as soon as the fix lands, and before requesting merges. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Nov 2 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by mmoroz@chromium.org, Jul 19 2016
Components: Internals>Skia
Labels: -Stability-Libfuzzer M-53 Pri-2
Owner: reed@chromium.org
Summary: Heap-buffer-overflow in SuperBlitter::blitH (was: Crash in SuperBlitter::blitH)