Crash in removeAllBounded
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5771255227875328

Fuzzer: libfuzzer_skia_pathop_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000080
Crash State:
  removeAllBounded
  updateBounded
  SkTSect<SkDCubic, SkDCubic>::extractCoincident

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=405990:406128

Minimized Testcase (0.05 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94BduXdLMykZG-DrxIBIIcFAVPpsGg03CjrEbvwIgroShadmi9M2LPQp2-TIKujICO15NJLaNazKbEinRiHa2o9PJ2S0ZcUnseaYkfJuv5_4lxcOMPmfMERPIOlzvJXtEdnhXBOqC6AE_r6zC9beqnMztOQEg?testcase_id=5771255227875328

Filer: rnimmagadda

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Jul 26 2016
The following revision refers to this bug:
  https://skia.googlesource.com/skia.git/+/e25a4f6cbeaccfdc34cf031103f0fbc3e53a3ee5

commit e25a4f6cbeaccfdc34cf031103f0fbc3e53a3ee5
Author: caryclark <caryclark@google.com>
Date: Tue Jul 26 16:26:29 2016

fix fuzz bugs

Add ability for intersection template to detect that the test contains bounded numbers so that extra asserts can trigger. Add some exit points for out of range numbers in those templates.

TBR=reed@google.com
BUG= 631383, 631374, 631360
GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=2185703002

Review-Url: https://codereview.chromium.org/2185703002

[modify] https://crrev.com/e25a4f6cbeaccfdc34cf031103f0fbc3e53a3ee5/src/pathops/SkOpCoincidence.cpp
[modify] https://crrev.com/e25a4f6cbeaccfdc34cf031103f0fbc3e53a3ee5/src/pathops/SkPathOpsTSect.cpp
[modify] https://crrev.com/e25a4f6cbeaccfdc34cf031103f0fbc3e53a3ee5/src/pathops/SkPathOpsTSect.h
[modify] https://crrev.com/e25a4f6cbeaccfdc34cf031103f0fbc3e53a3ee5/src/pathops/SkPathOpsTypes.h
[modify] https://crrev.com/e25a4f6cbeaccfdc34cf031103f0fbc3e53a3ee5/tests/PathOpsDebug.cpp
[modify] https://crrev.com/e25a4f6cbeaccfdc34cf031103f0fbc3e53a3ee5/tests/PathOpsOpTest.cpp
Jul 26 2016
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/47ff12b380da241f7b42b6a83f212b4871320219

commit 47ff12b380da241f7b42b6a83f212b4871320219
Author: skia-deps-roller <skia-deps-roller@chromium.org>
Date: Tue Jul 26 19:25:03 2016

Roll src/third_party/skia/ 26318c984..e25a4f6cb (2 commits).

https://chromium.googlesource.com/skia.git/+log/26318c984ffd..e25a4f6cbeac

$ git log 26318c984..e25a4f6cb --date=short --no-merges --format='%ad %ae %s'
2016-07-26 caryclark fix fuzz bugs
2016-07-26 bsalomon Don't unnecessarily resize windows in sk_app on X

GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=2182163002
BUG= 631383, 631374, 631360
TBR=tomhudson@google.com

Review-Url: https://codereview.chromium.org/2188443002
Cr-Commit-Position: refs/heads/master@{#407876}

[modify] https://crrev.com/47ff12b380da241f7b42b6a83f212b4871320219/DEPS
Jul 27 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4782006617767936

Fuzzer: libfuzzer_skia_pathop_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000078
Crash State:
  removeAllBounded
  updateBounded
  SkTSect<SkDConic, SkDConic>::extractCoincident

Minimized Testcase (0.48 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97Uqq3fin5KnovPJeuR8vOSZZkEQ3ThZV9rRq-6FSueMIxy62zYza3TcQ0rpxCPCnzXGpK8I0wHT1NP6ZpdG6Z9CwNqnrwh8RKyfvQK3K3BSeAYL9C9OU5YfT0_5Y6a1NKC79JsnLlyObfJWHMKVQMvoK6_AQ?testcase_id=4782006617767936

Filer: rnimmagadda

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Jul 27 2016
ClusterFuzz has detected this issue as fixed in range 407873:408034.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5771255227875328

Fuzzer: libfuzzer_skia_pathop_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000080
Crash State:
  removeAllBounded
  updateBounded
  SkTSect<SkDCubic, SkDCubic>::extractCoincident

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=405990:406128
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=407873:408034

Minimized Testcase (0.05 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94BduXdLMykZG-DrxIBIIcFAVPpsGg03CjrEbvwIgroShadmi9M2LPQp2-TIKujICO15NJLaNazKbEinRiHa2o9PJ2S0ZcUnseaYkfJuv5_4lxcOMPmfMERPIOlzvJXtEdnhXBOqC6AE_r6zC9beqnMztOQEg?testcase_id=5771255227875328

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Oct 18 2016
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by rnimmagadda@chromium.org, Jul 26 2016
Labels: -Pri-1 -Type-Bug M-54 findit-wrong Te-Logged Pri-2 Type-Bug-Regression
Owner: caryclark@chromium.org
Status: Assigned (was: Untriaged)