Issue metadata
Sign in to add a comment
|
Use-of-uninitialized-value in SkGradientShaderBase::SkGradientShaderBase |
||||||||||||||||||||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=5978838863708160 Fuzzer: inferno_canvas_wrecker Job Type: linux_msan_chrome Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: SkGradientShaderBase::SkGradientShaderBase SkTwoPointConicalGradient::SkTwoPointConicalGradient SkGradientShader::MakeTwoPointConical Recommended Security Severity: Medium Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_msan_chrome&range=413208:413324 Minimized Testcase (0.61 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97QpOf6HdqPNxqOqPjwijBL0a0b4KI3BzWM2Wd5vwKbSPFs27xOhXRPAcZR7ofb81ZPzN0z5efxmcZC0Zp3cbP3syAJ0tfkHZVlHU_OJJuUJp9cJuhp-m4inNUdtwQvvhekr5dhskyTa-RgE-9h74OfBn_GWw?testcase_id=5978838863708160 Issue manually filed by: inferno See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Aug 23 2016
,
Aug 24 2016
,
Aug 24 2016
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Aug 26 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6507769102598144 Fuzzer: inferno_twister Job Type: linux_lsan_chrome_mp Platform Id: linux Crash Type: Heap-buffer-overflow READ 4 Crash Address: 0x60200005d85c Crash State: SkGradientShader::MakeTwoPointConical blink::Gradient::createShader blink::Gradient::applyToPaint Recommended Security Severity: Medium Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_lsan_chrome_mp&range=413455:413548 Minimized Testcase (0.68 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97wWEvhXqO-y7Z_CsL53sDprQ3U3QEWm032WnF4RaK-Nzr-JxfjqXFdtDzRMLAHbScqNW8rC02WYfndy7PjqsDQkDi6g6dRNarT6AV-QfgLquOB1sUdUJ4OclPTvQE4x_b1gCwsvzWY64VT8Mg46TihZSOCWQ?testcase_id=6507769102598144 Issue manually filed by: inferno See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Sep 1 2016
,
Sep 6 2016
Friendly ping, this is currently a Beta-blocker and needs to get fixed and merged as soon as feasible, as M54 is going to beta this Thursday 9/8
,
Sep 7 2016
reed: Uh oh! This issue still open and hasn't been updated in the last 14 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers? If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one? If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Sep 7 2016
Moving to ReleaseBlock-Stable to keep track of this for M54
,
Sep 14 2016
ClusterFuzz has detected this issue as fixed in range 418377:418438. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5978838863708160 Fuzzer: inferno_canvas_wrecker Job Type: linux_msan_chrome Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: SkGradientShaderBase::SkGradientShaderBase SkTwoPointConicalGradient::SkTwoPointConicalGradient SkGradientShader::MakeTwoPointConical Recommended Security Severity: Medium Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_msan_chrome&range=413208:413324 Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_msan_chrome&range=418377:418438 Minimized Testcase (0.61 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97QpOf6HdqPNxqOqPjwijBL0a0b4KI3BzWM2Wd5vwKbSPFs27xOhXRPAcZR7ofb81ZPzN0z5efxmcZC0Zp3cbP3syAJ0tfkHZVlHU_OJJuUJp9cJuhp-m4inNUdtwQvvhekr5dhskyTa-RgE-9h74OfBn_GWw?testcase_id=5978838863708160 See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Sep 16 2016
,
Sep 17 2016
ClusterFuzz has detected this issue as fixed in range 419286:419365. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6507769102598144 Fuzzer: inferno_twister Job Type: linux_lsan_chrome_mp Platform Id: linux Crash Type: Heap-buffer-overflow READ 4 Crash Address: 0x60200005d85c Crash State: SkGradientShader::MakeTwoPointConical blink::Gradient::createShader blink::Gradient::applyToPaint Recommended Security Severity: Medium Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_lsan_chrome_mp&range=413455:413548 Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_lsan_chrome_mp&range=419286:419365 Minimized Testcase (0.68 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97wWEvhXqO-y7Z_CsL53sDprQ3U3QEWm032WnF4RaK-Nzr-JxfjqXFdtDzRMLAHbScqNW8rC02WYfndy7PjqsDQkDi6g6dRNarT6AV-QfgLquOB1sUdUJ4OclPTvQE4x_b1gCwsvzWY64VT8Mg46TihZSOCWQ?testcase_id=6507769102598144 See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Sep 17 2016
ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Sep 18 2016
,
Oct 7 2016
Looks like a dupe of 647481
,
Dec 25 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by infe...@chromium.org
, Aug 23 2016Labels: Pri-1
Owner: reed@chromium.org
Status: Assigned (was: Untriaged)