New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 639157 link

Starred by 2 users
Status: Verified
Owner:
caryclark@chromium.org
Last visit > 30 days ago
Closed: Aug 2016
Cc:
mummare...@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug



Sign in to add a comment

Crash in SkTSect<SkDQuad, SkDQuad>::extractCoincident

Project Member Reported by ClusterFuzz, Aug 19 2016 
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5905525953003520

Fuzzer: afl_skia_pathop_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000080
Crash State:
  SkTSect<SkDQuad, SkDQuad>::extractCoincident
  SkTSect<SkDQuad, SkDQuad>::coincidentCheck
  SkTSect<SkDQuad, SkDQuad>::BinarySearch
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=afl_chrome_asan&range=406032:406205

Minimized Testcase (0.06 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96a-868d4gitAxNk7hm8HF030XL68XCcb3id22-dj0Ct04D4MS3co9qKMHIYppq9tmlptMTSOlaFZl2N2vywlnNhsRgJFb5cbrc44cYZdPECH5ttPGBphnN-w2_wi4M7IXcT2ad4nt6mpeiHH8P4NT6hNtAVg?testcase_id=5905525953003520

Issue manually filed by: mummareddy

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

Comment 1 by mummare...@chromium.org, Aug 19 2016

Components: Internals>Skia
Labels: M-54 findit-wrong Te-Logged
Owner: caryclark@chromium.org
Status: Assigned (was: Untriaged)

Author: caryclark
Project: chromium-skia
Changelist: https://chromium.googlesource.com/skia.git/+/45fa447460f70ec21d22cf4e1531490acfd3c578
Time: Fri Jan 16 15:04:10 2015
The CL last changed line 155 of file SkPathOpsTSect.h, which is stack frame 0.

Author: caryclark
Project: chromium-skia
Changelist: https://chromium.googlesource.com/skia.git/+/1049f1246e7be4ccb68001361efceb8933e6f81c
Time: Mon Apr 20 15:31:59 2015
The CL last changed line 1834 of file SkPathOpsTSect.h, which is stack frame 1.

Author: caryclark
Project: chromium-skia
Changelist: https://chromium.googlesource.com/skia.git/+/1049f1246e7be4ccb68001361efceb8933e6f81c
Time: Mon Apr 20 15:31:59 2015
The CL last changed line 1227 of file SkPathOpsTSect.h, which is stack frame 2.

Author: caryclark
Project: chromium-skia
Changelist: https://chromium.googlesource.com/skia.git/+/54359294a7c9dc54802d512a5d891a35c1663392
Time: Thu Mar 26 14:52:43 2015
The CL last changed line 1001 of file SkPathOpsTSect.h, which is stack frame 3.

Author: caryclark
Project: chromium-skia
Changelist: https://chromium.googlesource.com/skia.git/+/45fa447460f70ec21d22cf4e1531490acfd3c578
Time: Fri Jan 16 15:04:10 2015
The CL last changed line 2148 of file SkPathOpsTSect.h, which is stack frame 4.

Author: caryclark
Project: chromium-skia
Changelist: https://chromium.googlesource.com/skia.git/+/1049f1246e7be4ccb68001361efceb8933e6f81c
Time: Mon Apr 20 15:31:59 2015
The CL last changed line 15 of file SkPathOpsTSect.cpp, which is stack frame 5.

Author: caryclark
Project: chromium-skia
Changelist: https://chromium.googlesource.com/skia.git/+/1049f1246e7be4ccb68001361efceb8933e6f81c
Time: Mon Apr 20 15:31:59 2015
The CL last changed line 402 of file SkAddIntersections.cpp, which is stack frame 6.

Suspected Project: chromium-skia
Suspected Component: Internals>Skia

caryclark@, could you please take a look?
Project Member

Comment 3 by bugdroid1@chromium.org, Aug 19 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/997cb2361b5ee40e717978ae375e19dbb94200ce

commit 997cb2361b5ee40e717978ae375e19dbb94200ce
Author: skia-deps-roller <skia-deps-roller@chromium.org>
Date: Fri Aug 19 15:17:13 2016

Roll src/third_party/skia/ 83b24ff08..429428660 (1 commit).

https://chromium.googlesource.com/skia.git/+log/83b24ff0825e..429428660b24

$ git log 83b24ff08..429428660 --date=short --no-merges --format='%ad %ae %s'
2016-08-19 caryclark fix fuzzes

BUG= 639157 , 638783 

CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_precise_blink_rel
TBR=robertphillips@google.com

Review-Url: https://codereview.chromium.org/2258173002
Cr-Commit-Position: refs/heads/master@{#413149}

[modify] https://crrev.com/997cb2361b5ee40e717978ae375e19dbb94200ce/DEPS
Project Member

Comment 4 by ClusterFuzz, Aug 20 2016 

ClusterFuzz has detected this issue as fixed in range 413061:413168.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5905525953003520

Fuzzer: afl_skia_pathop_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000080
Crash State:
  SkTSect<SkDQuad, SkDQuad>::extractCoincident
  SkTSect<SkDQuad, SkDQuad>::coincidentCheck
  SkTSect<SkDQuad, SkDQuad>::BinarySearch
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=afl_chrome_asan&range=406032:406205
Fixed: https://cluster-fuzz.appspot.com/revisions?job=afl_chrome_asan&range=413061:413168

Minimized Testcase (0.06 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96a-868d4gitAxNk7hm8HF030XL68XCcb3id22-dj0Ct04D4MS3co9qKMHIYppq9tmlptMTSOlaFZl2N2vywlnNhsRgJFb5cbrc44cYZdPECH5ttPGBphnN-w2_wi4M7IXcT2ad4nt6mpeiHH8P4NT6hNtAVg?testcase_id=5905525953003520

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 5 by ClusterFuzz, Aug 20 2016

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase is verified as fixed, closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Project Member

Comment 6 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment