Integer-overflow in SkTAbs<int>
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5184708019486720

Fuzzer: libfuzzer_skia_pathop_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address:
Crash State:
  SkTAbs<int>
  UseInnerWinding
  SkOpSegment::markAngle

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=406065:406218

Minimized Testcase (0.42 Kb): https://cluster-fuzz.appspot.com/download/AMIfv966-RKOSfG-6d5Ht2FC46HiA4SifnMqGbCWEM1_lUI1D3_jqIxed2tnacokq4eax3dtDZeEjjR5l0SpWjfcVnsOC52YpaGgp4lc-KqCoxqyIxyHB923vNC2jHyzinQHjUM7WA9prici9LpTZzwQIJ4FVuag0Q?testcase_id=5184708019486720

Filer: rnimmagadda

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Jul 30 2016
I'm away on vacation. I'll be back August 8th.
Aug 8 2016
The following revision refers to this bug:
https://skia.googlesource.com/skia.git/+/643ede69216c073c2dd497c382577dc9fde36b3e

commit 643ede69216c073c2dd497c382577dc9fde36b3e
Author: caryclark <caryclark@google.com>
Date: Mon Aug 08 21:27:45 2016

template intersection fuzz fixes

Plumb in the ability to ignore asserts for out of range input deeper into the template intersection code.

Exit gracefully when error conditions are found.

TBR=reed@google.com
BUG=632607, 632628, 633063, 633065, 634251, 633608
GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=2224823004

Review-Url: https://codereview.chromium.org/2224823004

[modify] https://crrev.com/643ede69216c073c2dd497c382577dc9fde36b3e/src/pathops/SkOpCoincidence.cpp
[modify] https://crrev.com/643ede69216c073c2dd497c382577dc9fde36b3e/src/pathops/SkPathOpsOp.cpp
[modify] https://crrev.com/643ede69216c073c2dd497c382577dc9fde36b3e/src/pathops/SkPathOpsTSect.h
[modify] https://crrev.com/643ede69216c073c2dd497c382577dc9fde36b3e/tests/PathOpsOpTest.cpp
Aug 8 2016
Aug 9 2016
Aug 25 2016
ClusterFuzz has detected this issue as fixed in range 413961:414068.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5184708019486720

Fuzzer: libfuzzer_skia_pathop_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address:
Crash State:
  SkTAbs<int>
  UseInnerWinding
  SkOpSegment::markAngle

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=406065:406218
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=413961:414068

Minimized Testcase (0.42 Kb): https://cluster-fuzz.appspot.com/download/AMIfv966-RKOSfG-6d5Ht2FC46HiA4SifnMqGbCWEM1_lUI1D3_jqIxed2tnacokq4eax3dtDZeEjjR5l0SpWjfcVnsOC52YpaGgp4lc-KqCoxqyIxyHB923vNC2jHyzinQHjUM7WA9prici9LpTZzwQIJ4FVuag0Q?testcase_id=5184708019486720

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by rnimmagadda@chromium.org, Jul 29 2016
Labels: -Pri-1 -Type-Bug M-54 Findit-for-crash Te-Logged Pri-2 Type-Bug-Regression
Owner: caryclark@chromium.org
Status: Assigned (was: Untriaged)