New issue
Advanced search Search tips

Issue 633476 link

Starred by 1 user
Status: WontFix
Owner:
piman@chromium.org
Closed: Aug 2016
Cc:
mac-bugs-priority@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 1
Type: Bug-Security



Sign in to add a comment

Crash in unpack_RGBANUMBER

Project Member Reported by ClusterFuzz, Aug 2 2016 
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4839176765964288

Fuzzer: inferno_layout_test_unmodified
Job Type: mac_asan_content_shell
Platform Id: mac

Crash Type: UNKNOWN READ
Crash Address: 0x0003b4da97ff
Crash State:
  unpack_RGBANUMBER
  _mesa_readpixels
  osmesa.so
  
Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=mac_asan_content_shell&range=408781:408946

Minimized Testcase (1.44 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97CoeShJGtqF1QuAJYZZVyhYi0tOs6Zz6v94NyisiV9pFITX3tgnYrJCzxOLO7ooJ0n1Z6WQwgtzJXGZdOeg-lX-uqyb3Rgb8vIhS-Jjw4vW3V0amscgQhudtEMD_SI3un5HZCqA371tUvJp6nr2vNH07MVxA?testcase_id=4839176765964288

Filer: tanin

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by raymes@chromium.org, Aug 2 2016

Components: Internals>GPU
Owner: piman@chromium.org
Status: Assigned (was: Untriaged)
piman: could you please help triage this? Thanks!
Project Member

Comment 2 by sheriffbot@chromium.org, Aug 2 2016

Labels: M-54
Project Member

Comment 3 by sheriffbot@chromium.org, Aug 2 2016

Labels: ReleaseBlock-Beta
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 4 by sheriffbot@chromium.org, Aug 2 2016

Labels: Pri-1

Comment 5 by aarya@google.com, Aug 2 2016

Status: WontFix (was: Assigned)
Mesa issues are WontFix.
Project Member

Comment 6 by ClusterFuzz, Aug 3 2016 

ClusterFuzz has detected this issue as fixed in range 409186:409208.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4839176765964288

Fuzzer: inferno_layout_test_unmodified
Job Type: mac_asan_content_shell
Platform Id: mac

Crash Type: UNKNOWN READ
Crash Address: 0x0003b4da97ff
Crash State:
  unpack_RGBANUMBER
  _mesa_readpixels
  osmesa.so
  
Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=mac_asan_content_shell&range=408781:408946
Fixed: https://cluster-fuzz.appspot.com/revisions?job=mac_asan_content_shell&range=409186:409208

Minimized Testcase (1.44 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97CoeShJGtqF1QuAJYZZVyhYi0tOs6Zz6v94NyisiV9pFITX3tgnYrJCzxOLO7ooJ0n1Z6WQwgtzJXGZdOeg-lX-uqyb3Rgb8vIhS-Jjw4vW3V0amscgQhudtEMD_SI3un5HZCqA371tUvJp6nr2vNH07MVxA?testcase_id=4839176765964288

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 7 by sheriffbot@chromium.org, Nov 9 2016

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment