New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 633144 link

Starred by 1 user
Status: Fixed
Owner:
msarett@chromium.org
Last visit > 30 days ago
Closed: Nov 2016
Cc:
djsollen@chromium.org
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug



Sign in to add a comment

Data race in jsimd_can_ycc_rgb

Project Member Reported by ClusterFuzz, Aug 1 2016 
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4814683098054656

Fuzzer: attekett_dom_fuzzer
Job Type: linux_tsan_chrome_mp
Platform Id: linux

Crash Type: Data race READ 4
Crash Address: 0x7f4de7e1c9c8
Crash State:
  jsimd_can_ycc_rgb
  chromium_jinit_color_deconverter
  chromium_jinit_master_decompress
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_tsan_chrome_mp&range=391873:391931

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv96SkP4M_zaFkOq-X1nd0pnC_zVBdhBV2Q3fvyXFQJEB8MRhy-5ghCNd2C6Ik4-_D1X0HIPDXKWP4qEPiFNo88Y04KzSqVxaIWYY7JKYSGhj6ahsJYRRZh7CeBjddcousecjF6l1jxwRr2jU3pnfpkiz5fq0RdMDR0iapP-18fQtbeHOxbU?testcase_id=4814683098054656


Filer: nyerramilli

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by brajkumar@chromium.org, Aug 12 2016

Components: Tools>Test>FindIt>NoResult

Comment 2 by kateso...@chromium.org, Oct 18 2016

Components: -Tools>Test>FindIt>NoResult

Comment 3 by msrchandra@chromium.org, Nov 3 2016

Cc: tomhudson@google.com
Labels: Findit-for-crash Test-Predator-Correct-CLs
Owner: tomhud...@chromium.org
Status: Assigned (was: Untriaged)
Using find it assigning to the concern owner,
Suspected CLs	The result is a list of CLs that change the crashed files.

Author: Tom Hudson
Project: chromium-libjpeg_turbo
Changelist: https://chromium.googlesource.com/chromium/deps/libjpeg_turbo.git/+/0d47d2d3a728e78676a15b1d818cc668cb7e5a9c
Time: Wed May 04 17:22:56 2016
Lines 46-53 of file jsimd_x86_64.c which potentially caused crash are changed in this cl (frame #0, "jsimd_can_ycc_rgb").

Files jdmaster.c, jdcolor.c, jdapistd.c are changed in this cl (and is part of stack frame #2, "chromium_jinit_master_decompress")
Minimum distance from crash line to modified line: 0. (file: jsimd_x86_64.c, crashed on: 43, modified: 43).

Suspected Project: chromium-libjpeg_turbo

@Tom Hudson -- Could you please look into the issue, Kindly help to re-assign, if your changes are not cause for this issue.
Thank You.

Comment 4 by tomhud...@chromium.org, Nov 3 2016

Cc: -tomhudson@google.com djsollen@chromium.org
Owner: msarett@chromium.org
Over to Matt.
Project Member

Comment 5 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 6 by msarett@chromium.org, Nov 23 2016 

This race is benign.  It's a known issue in libjpeg-turbo, and they aren't going to fix it.
https://github.com/libjpeg-turbo/libjpeg-turbo/issues/87

I'll suppress, just like we did in  crbug.com/633145 .

Comment 7 by msarett@chromium.org, Nov 23 2016

Status: Fixed (was: Assigned)
Never mind, this is already fixed.

Sign in to add a comment