Crash inside SuperBlitter::blitH
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5994028783108096

Fuzzer: libfuzzer_skia_path_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x615fffff8482
Crash State: Break add SuperBlitter::blitH
Recommended Security Severity: High

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=400422:400471

Minimized Testcase (0.04 Kb): https://cluster-fuzz.appspot.com/download/AMIfv973vI5aEYKREvVK5Ik2Ipq6RAVoJpk0YWr-wX0YCKhTmhooR459FYS7iNnr98O2S6bXBkfSYFmGqUL-CZ-REhVG2Rc6oU2Kd5_ckEhE9OcBLz1yu6EP3fUwCvP8se5tLUEewRwRkMxppwmcChl-rA_N4X2nsg?testcase_id=5994028783108096

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Sep 2 2016
Sep 2 2016
vakh: Err, I barely work on Skia and I'm not in the blame list, though it appears I am a popular person to assign bugs to. :)
Sep 2 2016
Sep 2 2016
path.moveTo(SkBits2Float(0x00000000), SkBits2Float(0x00000000));  // 0, 0
path.conicTo(SkBits2Float(0x002001f2), SkBits2Float(0x4161ffff), SkBits2Float(0x49f7224d), SkBits2Float(0x45eec8df), SkBits2Float(0x721aee0c));  // 2.93943e-39f, 14.125f, 2.02452e+06f, 7641.11f, 3.0687e+30f

SkScan_Path.cpp:274: fatal error: "assert(local_top <= local_bot)"

Note that the conic w value is very large.
Sep 3 2016
Sep 3 2016
Sep 6 2016
Sep 6 2016
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/38994ad4f5c7334d0b2d510f8411674183abc826

commit 38994ad4f5c7334d0b2d510f8411674183abc826
Author: skia-deps-roller <skia-deps-roller@chromium.org>
Date: Tue Sep 06 20:50:27 2016

Roll src/third_party/skia/ f54c00e81..6669010af (9 commits).

https://chromium.googlesource.com/skia.git/+log/f54c00e817b1..6669010af4e6

$ git log f54c00e81..6669010af --date=short --no-merges --format='%ad %ae %s'
2016-09-06 reed check for null-layer-paint after prev fix to savelayer ops
2016-09-06 msarett Delete SkColorSpace::kUnknown_Named, remove fNamed field
2016-09-06 csmartdalton Improve usage of window rectangles
2016-09-06 brucedawson Work around VS 2015 Update 3 optimizer internal compiler error
2016-09-06 halcanary SkDocument: turn off SK_SUPPORT_LEGACY_DOCUMENT_API
2016-09-06 reed test dont-clip-layer
2016-09-06 caryclark provide safe exit for runaway intersections
2016-09-06 caryclark compare degenerates with tolerance
2016-09-06 bsalomon Update Windows build to use VULKAN_SDK rather than VK_SDK_PATH

BUG=643855, 643933, 643665

CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_precise_blink_rel
TBR=caryclark@google.com

Review-Url: https://codereview.chromium.org/2312993002
Cr-Commit-Position: refs/heads/master@{#416722}

[modify] https://crrev.com/38994ad4f5c7334d0b2d510f8411674183abc826/DEPS
Sep 6 2016
Sep 7 2016
Sep 8 2016
ClusterFuzz has detected this issue as fixed in range 416578:416599.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5994028783108096

Fuzzer: libfuzzer_skia_path_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x615fffff8482
Crash State: Break add SuperBlitter::blitH
Recommended Security Severity: High

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=400422:400471
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=416578:416599

Minimized Testcase (0.04 Kb): https://cluster-fuzz.appspot.com/download/AMIfv973vI5aEYKREvVK5Ik2Ipq6RAVoJpk0YWr-wX0YCKhTmhooR459FYS7iNnr98O2S6bXBkfSYFmGqUL-CZ-REhVG2Rc6oU2Kd5_ckEhE9OcBLz1yu6EP3fUwCvP8se5tLUEewRwRkMxppwmcChl-rA_N4X2nsg?testcase_id=5994028783108096

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Sep 9 2016
Sep 9 2016
[Automated comment] DEPS changes referenced in bugdroid comments, needs manual review.
Sep 9 2016
Sep 13 2016
This change meets the bar and is approved for merging into M54.
Sep 13 2016
Sep 14 2016
The following revision refers to this bug:
  https://skia.googlesource.com/skia.git/+/406e44949c3c766a74e18b49f2f1f4e29f862ba8

commit 406e44949c3c766a74e18b49f2f1f4e29f862ba8
Author: caryclark <caryclark@google.com>
Date: Tue Sep 06 15:54:10 2016

compare degenerates with tolerance

Conics with very large w values can be approximated with two
straight lines. This avoids iterating endlessly in an attempt to
create quadratics with unstable numerics.

Check to see if the first chop generated a pair of lines
within the default point comparison tolerance.

R=reed@google.com
BUG=643933, 643665
GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=2312923002

Review-Url: https://codereview.chromium.org/2312923002

[modify] https://crrev.com/406e44949c3c766a74e18b49f2f1f4e29f862ba8/src/core/SkGeometry.cpp
[modify] https://crrev.com/406e44949c3c766a74e18b49f2f1f4e29f862ba8/tests/PathTest.cpp
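The check that commit message describes, as an added example that is not Skia's code and not part of the original thread: chop the reproducer's conic once at t = 1/2 and test whether both halves are already straight lines. The names `Pt`, `Conic`, `chopHalf`, `chopsToLinePair` and the tolerance value `kTol` are assumptions made for this example; the input is the conic from the reproducer above.

```cpp
#include <cmath>
#include <cstdint>
#include <cstdio>
#include <cstring>

struct Pt { float x, y; };
struct Conic { Pt p[3]; float w; };
static const float kTol = 1.0f / 4096;  // "same point" tolerance (assumed value)

static float bitsToFloat(uint32_t bits) {
    float f;
    std::memcpy(&f, &bits, sizeof f);
    return f;
}
static bool nearlyEqual(Pt a, Pt b) {
    return std::fabs(a.x - b.x) <= kTol && std::fabs(a.y - b.y) <= kTol;
}
// Split a conic (rational quadratic Bezier) at t = 1/2 into two conics.
static void chopHalf(const Conic& c, Conic out[2]) {
    const float s = 1.0f / (1.0f + c.w);
    const Pt wp1 = { c.w * c.p[1].x, c.w * c.p[1].y };
    const Pt mid = { (c.p[0].x + 2 * wp1.x + c.p[2].x) * s * 0.5f,
                     (c.p[0].y + 2 * wp1.y + c.p[2].y) * s * 0.5f };
    out[0].p[0] = c.p[0];
    out[0].p[1] = { (c.p[0].x + wp1.x) * s, (c.p[0].y + wp1.y) * s };
    out[0].p[2] = out[1].p[0] = mid;
    out[1].p[1] = { (wp1.x + c.p[2].x) * s, (wp1.y + c.p[2].y) * s };
    out[1].p[2] = c.p[2];
    out[0].w = out[1].w = std::sqrt(0.5f + 0.5f * c.w);
}
// True when each half's control point sits on the shared midpoint, so the
// conic is two straight segments meeting at *corner.
static bool chopsToLinePair(const Conic& c, Pt* corner) {
    Conic h[2];
    chopHalf(c, h);
    if (!nearlyEqual(h[0].p[1], h[0].p[2]) || !nearlyEqual(h[1].p[0], h[1].p[1]))
        return false;  // also taken for NaN results: comparisons with NaN fail
    *corner = h[0].p[1];
    return true;
}
// The conic from the reproducer in this thread, built from its bit patterns.
static Conic reportedConic() {
    return { { {0.0f, 0.0f},
               {bitsToFloat(0x002001f2), bitsToFloat(0x4161ffff)},
               {bitsToFloat(0x49f7224d), bitsToFloat(0x45eec8df)} },
             bitsToFloat(0x721aee0c) };
}
int main() {
    Pt c = {0, 0};
    std::printf("line pair: %d\n", chopsToLinePair(reportedConic(), &c));
}
```

With w this large the weighted control point swamps both end points, so the chopped control points collapse onto the midpoint and the curve is effectively p0 to p1 to p2.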
Sep 16 2016
Oct 10 2016
Dec 14 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by vakh@chromium.org, Sep 2 2016
Components: Internals>Skia>Compositing Internals>Skia
Owner: thestig@chromium.org