Crash in segment
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5913665605992448

Fuzzer: libfuzzer_skia_pathop_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  segment
  containsCoincidence
  SkOpSpan::insertCoincidence

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=405990:406128
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=407416:407611

Minimized Testcase (0.37 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97gOkDSmFbt7XGvZCTwaoLc7e03IpYB6XCGDUQ5n-S2oSjHfjE7HSELtQ7Tzi5pvQmYvrxneLT0DrOumqtOXZkkGhn0nZHb69rGUuGLeFmk1eVI_dKcgsOZxaN6CtJg-EyWYcFFH_MU7NOf7F7TbDW0B5Ga8Q?testcase_id=5913665605992448

Filer: mmohammad

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Jul 27 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6293821952622592

Fuzzer: libfuzzer_skia_pathop_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  segment
  containsCoincidence
  SkOpSpan::insertCoincidence

Minimized Testcase (0.43 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96aQScqBwlgVmSuLCb5YaJw7SRo8H0RXthbW1DAEmaV3jAoPvVDmaEvIwhQExRHG0wb9hJ1GiBFa8JS4He9qM3sWTkr0Q77p7Tzqkpgy2TzXE7Lc9l5I9JwDrLdJXeZfqsuZoTKzCFLpdTXZg-VKbB5iR31LA?testcase_id=6293821952622592

Filer: rnimmagadda

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Jul 27 2016
Jul 27 2016
The following revision refers to this bug:
https://skia.googlesource.com/skia.git/+/fc560e09b3f777bb32dccb9f52d715383a10a620

commit fc560e09b3f777bb32dccb9f52d715383a10a620
Author: caryclark <caryclark@google.com>
Date: Wed Jul 27 15:46:10 2016

fuzz wednesday

Add debug 'skip assert' access to SkCoincidentSpans.
That permits suppressing asserts to make it easier
to detect when this fuzz data generates unparsable
data.

TBR=reed@google.com
BUG=631564, 631992
GOLD_TRYBOT_URL=https://gold.skia.org/search?issue=2186973002

Review-Url: https://codereview.chromium.org/2186973002

[modify] https://crrev.com/fc560e09b3f777bb32dccb9f52d715383a10a620/src/pathops/SkOpCoincidence.cpp
[modify] https://crrev.com/fc560e09b3f777bb32dccb9f52d715383a10a620/src/pathops/SkOpCoincidence.h
[modify] https://crrev.com/fc560e09b3f777bb32dccb9f52d715383a10a620/src/pathops/SkOpSpan.h
[modify] https://crrev.com/fc560e09b3f777bb32dccb9f52d715383a10a620/tests/PathOpsOpTest.cpp
Jul 27 2016
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/b8093c0e629c888bad9b0da0d1f477fa6d1c6bc9

commit b8093c0e629c888bad9b0da0d1f477fa6d1c6bc9
Author: skia-deps-roller <skia-deps-roller@chromium.org>
Date: Wed Jul 27 18:30:06 2016

Roll src/third_party/skia/ 735109c24..89da69303 (10 commits).

https://chromium.googlesource.com/skia.git/+log/735109c24892..89da69303550

$ git log 735109c24..89da69303 --date=short --no-merges --format='%ad %ae %s'
2016-07-27 halcanary DEPS: ICU c291cde → ec9c113
2016-07-27 halcanary DEPS: harfbuzz 1.2.7 → 1.3.0
2016-07-27 halcanary DEPS: sfntly 130f832 → 468cad5
2016-07-27 borenet Include "revision" tag for all Swarming tasks
2016-07-27 brianosman Fix ParseConfigs_ViaParsing test when skia_angle=1
2016-07-27 bsalomon Fix leak of srgb/adobesrgb colorspace objects
2016-07-27 borenet Fix Perf data upload
2016-07-27 bsalomon SW backend for viewer on Windows GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=2182273002
2016-07-27 caryclark fuzz wednesday
2016-07-27 mtklein Clean up some unused atomic routines.

BUG=631564, 631992

CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_precise_blink_rel
TBR=tomhudson@google.com

Review-Url: https://codereview.chromium.org/2187903002
Cr-Commit-Position: refs/heads/master@{#408192}

[modify] https://crrev.com/b8093c0e629c888bad9b0da0d1f477fa6d1c6bc9/DEPS
Jul 27 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5279027682344960

Fuzzer: libfuzzer_skia_pathop_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  segment
  containsCoincidence
  SkOpSpan::insertCoincidence

Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=406010:406169

Minimized Testcase (0.43 Kb): https://cluster-fuzz.appspot.com/download/AMIfv964lsiUcZJ_3maesJVk-M9uMJ0-TygeTBxj0XbvrLQNvNKIzWhAR58gQvKkxIQwBLbZEJNOEWuXc0jjrmefOnakY_uI7cGlDvDfZgPMEgU56SiL2GYuwgcgXG543qE63h0Xc_a5KeyZuIfNXWZLnAuy9qOn6w?testcase_id=5279027682344960

Filer: tanin

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Jul 27 2016
testcase in #6 passes with CL mentioned in #4
Oct 18 2016
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by kavvaru@chromium.org, Jul 27 2016
Owner: caryclark@chromium.org
Status: Assigned (was: Untriaged)