
Issue 638496 link

Issue metadata

Status: Verified
Owner:
Closed: Aug 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug



Crash in SkOpAngle::segment

Project Member Reported by ClusterFuzz, Aug 17 2016

Issue description

Comment 1 by ajha@chromium.org, Aug 17 2016

Cc: ajha@chromium.org
Components: Internals>Skia
Labels: M-54 Findit-for-crash Te-Logged
Owner: caryclark@chromium.org
Status: Assigned (was: Untriaged)
FindIt result:
==============
Suspected CLs: No CL in the regression range changes the crashed files. The result is the blame information.

Author: caryclark
Project: chromium-skia
Changelist: https://chromium.googlesource.com/skia.git/+/54359294a7c9dc54802d512a5d891a35c1663392
Time: Thu Mar 26 14:52:43 2015
The CL last changed line 821 of file SkOpAngle.cpp, which is stack frame 0.

Author: caryclark
Project: chromium-skia
Changelist: https://chromium.googlesource.com/skia.git/+/bca19f77479adfd8ba2171753382bc8bf4c2b4ca
Time: Wed May 13 15:23:48 2015
The CL last changed line 132 of file SkPathOpsCommon.cpp, which is stack frame 1.

Author: caryclark
Project: chromium-skia
Changelist: https://chromium.googlesource.com/skia.git/+/54359294a7c9dc54802d512a5d891a35c1663392
Time: Thu Mar 26 14:52:43 2015
The CL last changed line 85 of file SkPathOpsSimplify.cpp, which is stack frame 2.

Author: caryclark
Project: chromium-skia
Changelist: https://chromium.googlesource.com/skia.git/+/55888e44171ffd48b591d19256884a969fe4da17
Time: Mon Jul 18 17:01:36 2016
The CL last changed line 220 of file SkPathOpsSimplify.cpp, which is stack frame 3.

Author: caryclark
Project: chromium-skia
Changelist: https://chromium.googlesource.com/skia.git/+/45fa447460f70ec21d22cf4e1531490acfd3c578
Time: Fri Jan 16 15:04:10 2015
The CL last changed line 163 of file SkOpBuilder.cpp, which is stack frame 4.

Author: mbarbella
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/d39a8d816bab5d9c7b572c1ef9e6a53224e0b0c9
Time: Thu Jun 23 16:11:33 2016
The CL last changed line 27 of file skia_pathop_fuzzer.cc, which is stack frame 5.

Author: kcc
Project: chromium-libfuzzer
Changelist: https://chromium.googlesource.com/chromium/llvm-project/llvm/lib/Fuzzer.git/+/017574a9e1dde70aca4e26283e4145626e0f5d3a
Time: Tue May 10 23:46:50 2016
The CL last changed line 280 of file afl_driver.cpp, which is stack frame 6.

Suspected Project: chromium-skia
Suspected Component: Internals>Skia

Based on the above Findit result, assigning to caryclark@ for further investigation.

Thank you!
Comment 3 by bugdroid1@chromium.org (Project Member), Aug 17 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/4ea965bed99e6262370f44ef453d45f7723fb8b8

commit 4ea965bed99e6262370f44ef453d45f7723fb8b8
Author: skia-deps-roller <skia-deps-roller@chromium.org>
Date: Wed Aug 17 14:46:33 2016

Roll src/third_party/skia/ 422310ddb..bf63e616a (2 commits).

https://chromium.googlesource.com/skia.git/+log/422310ddbe4d..bf63e616a67e

$ git log 422310ddb..bf63e616a --date=short --no-merges --format='%ad %ae %s'
2016-08-17 egdaniel Add mssa configs for vulkan, and simple bug fix
2016-08-17 caryclark fix fuzz

BUG= 638496 

CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_precise_blink_rel
TBR=robertphillips@google.com

Review-Url: https://codereview.chromium.org/2256673002
Cr-Commit-Position: refs/heads/master@{#412526}

[modify] https://crrev.com/4ea965bed99e6262370f44ef453d45f7723fb8b8/DEPS

Comment 4 by ClusterFuzz (Project Member), Aug 18 2016

ClusterFuzz has detected this issue as fixed in range 412525:412707.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4923865719635968

Fuzzer: afl_skia_pathop_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x0000000000d0
Crash State:
  SkOpAngle::segment
  FindChase
  SimplifyDebug
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=afl_chrome_asan&range=406863:406982
Fixed: https://cluster-fuzz.appspot.com/revisions?job=afl_chrome_asan&range=412525:412707

Minimized Testcase (0.33 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94yoIhHGhf-r8tKsvBYcAh9SNOGAhrexELaiJ35D_kTY-Ae6meKK0O1YaScYtwjOwPDmO7wehKIXDUJZwAq5we9XwuHa1jtRGSCrmzJbJ3FM12EIFmJwChH_No1CRMVuXjLz28uOdKkuDh2p4L1loyzar19DA?testcase_id=4923865719635968

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 5 by ClusterFuzz (Project Member), Aug 18 2016

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase is verified as fixed, closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 6 by sheriffbot@chromium.org (Project Member), Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot