Crash in SuperBlitter::blitH
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5692757480046592

Fuzzer: afl_skia_path_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x615fffff818a
Crash State:
  SuperBlitter::blitH
  walk_convex_edges
  sk_fill_path

Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=afl_chrome_asan&range=402185:402404

Minimized Testcase (0.04 Kb): https://cluster-fuzz.appspot.com/download/AMIfv9619VWChqoQlyuW-yxhpHj16ruXQbKhvcuNl5TSHs7stiXJH1wMK_F3n6Xyxk_N_xhWh125YbQq2BzvBH6JoxEl_Jw9eburB_HkREfABGtDw8WTNqJk4tXVjE9q5qp3gO5TWiD43wjEMrWxGXgE6iP4cImsog?testcase_id=5692757480046592

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Sep 17 2016
Sep 19 2016
Possibly duplicate of: https://bugs.chromium.org/p/chromium/issues/detail?id=643665
Sep 20 2016
Sep 22 2016
The following revision refers to this bug: https://skia.googlesource.com/skia.git/+/ac78863acdef4b428aaf66985b80c76d1be0fdea

commit ac78863acdef4b428aaf66985b80c76d1be0fdea
Author: caryclark <caryclark@google.com>
Date: Thu Sep 22 12:15:14 2016

fix for conic fuzz

A fuzzer generates a conic that hangs when drawn.
The quads that approximate the conics move up and down
in y, confusing the renderer.

This fix ensures that the split conic maintains the
same y direction as the original conic.

R=reed@google.com
BUG=647922
GOLD_TRYBOT_URL=https://gold.skia.org/search?issue=2350263003

Review-Url: https://codereview.chromium.org/2350263003

[modify] https://crrev.com/ac78863acdef4b428aaf66985b80c76d1be0fdea/src/core/SkGeometry.cpp
[modify] https://crrev.com/ac78863acdef4b428aaf66985b80c76d1be0fdea/tests/PathTest.cpp
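The commit above describes the hardening: when a conic that runs monotonically in y is split, the two halves (and the quads built from them) must keep that same y-order, or the scan converter that walks edges top to bottom is handed input it does not expect. The C++ below is an added illustration of that idea and is not the Skia code from SkGeometry.cpp: it chops a conic (rational quadratic) at t = 1/2, applies a guard that pushes any y value that escaped the start..end range back into order, and checks that the flattened quad points never reverse direction in y. The names `Conic`, `enforceYOrder`, `subdivide`, `flatten` and `isYMonotonic`, and the sample coordinates, are constructed for this example.

```cpp
// Added illustration, not Skia's code: chop a conic at t = 1/2 and keep the
// halves in the same y-order as the source curve.
#include <cmath>
#include <cstdio>
#include <vector>

struct Pt { double x, y; };

// Control points p[0..2]; the middle point carries weight w, the ends weigh 1.
struct Conic {
    Pt p[3];
    double w;

    // Split at t = 1/2 with rational de Casteljau; after renormalising the
    // end weights back to 1, each half gets weight sqrt((1 + w) / 2).
    void chop(Conic dst[2]) const {
        double scale = 1.0 / (1.0 + w);
        Pt wp1 = { w * p[1].x, w * p[1].y };
        Pt mid = { (p[0].x + 2 * wp1.x + p[2].x) * scale * 0.5,
                   (p[0].y + 2 * wp1.y + p[2].y) * scale * 0.5 };
        dst[0].p[0] = p[0];
        dst[0].p[1] = { (p[0].x + wp1.x) * scale, (p[0].y + wp1.y) * scale };
        dst[0].p[2] = dst[1].p[0] = mid;
        dst[1].p[1] = { (wp1.x + p[2].x) * scale, (wp1.y + p[2].y) * scale };
        dst[1].p[2] = p[2];
        dst[0].w = dst[1].w = std::sqrt(0.5 + 0.5 * w);
    }
};

// True when b lies between a and c, inclusive, in either direction.
static bool between(double a, double b, double c) {
    return (a - b) * (c - b) <= 0;
}

// The guard: the halves of a conic that ran monotonically from startY to endY
// must stay in that order. Returns true when something had to be adjusted.
bool enforceYOrder(Conic halves[2], double startY, double endY) {
    bool adjusted = false;
    double midY = halves[0].p[2].y;
    if (!between(startY, midY, endY)) {
        // Shared midpoint is out of range: snap it to the closer end.
        double closer = std::fabs(midY - startY) < std::fabs(midY - endY) ? startY : endY;
        halves[0].p[2].y = halves[1].p[0].y = closer;
        adjusted = true;
    }
    if (!between(startY, halves[0].p[1].y, halves[0].p[2].y)) {
        halves[0].p[1].y = startY;  // first control point collapses to the start
        adjusted = true;
    }
    if (!between(halves[1].p[0].y, halves[1].p[1].y, endY)) {
        halves[1].p[1].y = endY;    // second control point collapses to the end
        adjusted = true;
    }
    return adjusted;
}

// Recursive chop; the guard applies only when the source is y-monotonic.
// Appends the two points that follow each leaf's start point.
static void subdivide(const Conic& src, int level, std::vector<Pt>& out) {
    if (level == 0) {
        out.push_back(src.p[1]);
        out.push_back(src.p[2]);
        return;
    }
    Conic halves[2];
    src.chop(halves);
    if (between(src.p[0].y, src.p[1].y, src.p[2].y)) {
        enforceYOrder(halves, src.p[0].y, src.p[2].y);
    }
    subdivide(halves[0], level - 1, out);
    subdivide(halves[1], level - 1, out);
}

// Flatten a conic into 2^level quads: returns 1 + 2 * 2^level points.
std::vector<Pt> flatten(const Conic& c, int level) {
    std::vector<Pt> out{ c.p[0] };
    subdivide(c, level, out);
    return out;
}

// Successive y values must never reverse direction (what an edge walker relies on).
bool isYMonotonic(const std::vector<Pt>& pts) {
    int dir = 0;
    for (size_t i = 1; i < pts.size(); ++i) {
        double d = pts[i].y - pts[i - 1].y;
        if (d == 0) continue;
        int s = d > 0 ? 1 : -1;
        if (dir == 0) dir = s;
        else if (s != dir) return false;
    }
    return true;
}

int main() {
    Conic c = { { {0, 0}, {10, 8}, {20, 10} }, 0.7 };  // constructed sample conic
    std::vector<Pt> pts = flatten(c, 2);
    std::printf("%zu points, y-monotonic: %s\n", pts.size(), isYMonotonic(pts) ? "yes" : "no");
    return 0;
}
```

`isYMonotonic` is the property a fuzz harness can assert on the flattened output for any y-monotonic input: with the guard in place it holds even when the midpoint or a control point drifts out of range, and `enforceYOrder` reports whether it had to intervene, which is the signal worth logging while investigating cases like this one.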
Sep 22 2016
The following revision refers to this bug: https://skia.googlesource.com/skia.git/+/08b345588414b861af8a55950e7dc21a1bd85a28

commit 08b345588414b861af8a55950e7dc21a1bd85a28
Author: caryclark <caryclark@google.com>
Date: Thu Sep 22 14:42:39 2016

Revert of fix for conic fuzz (patchset #3 id:40001 of https://codereview.chromium.org/2350263003/ )

Reason for revert:
See if this fixes the layout tests.

Original issue's description:
> fix for conic fuzz
>
> A fuzzer generates a conic that hangs when drawn.
> The quads that approximate the conics move up and down
> in y, confusing the renderer.
>
> This fix ensures that the split conic maintains the
> same y direction as the original conic.
>
> R=reed@google.com
> BUG=647922
> GOLD_TRYBOT_URL=https://gold.skia.org/search?issue=2350263003
>
> Committed: https://skia.googlesource.com/skia/+/ac78863acdef4b428aaf66985b80c76d1be0fdea

TBR=reed@google.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=647922

Review-Url: https://codereview.chromium.org/2361473004

[modify] https://crrev.com/08b345588414b861af8a55950e7dc21a1bd85a28/src/core/SkGeometry.cpp
[modify] https://crrev.com/08b345588414b861af8a55950e7dc21a1bd85a28/tests/PathTest.cpp
Sep 22 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/cdafcfbc97b801a30b1b59c4944c969dee1afd99

commit cdafcfbc97b801a30b1b59c4944c969dee1afd99
Author: caryclark <caryclark@google.com>
Date: Thu Sep 22 16:31:25 2016

disable changed conic tests

Fixing a fuzzer requires maintaining monotonic quads when they
are generated from monotonic conics. This changes some conic
rendered pixels slightly.

R=fmalita@chromium.org
BUG=647922

Review-Url: https://codereview.chromium.org/2356253004
Cr-Commit-Position: refs/heads/master@{#420371}

[modify] https://crrev.com/cdafcfbc97b801a30b1b59c4944c969dee1afd99/third_party/WebKit/LayoutTests/TestExpectations
Sep 22 2016
The following revision refers to this bug: https://skia.googlesource.com/skia.git/+/bac104605ef3d9a8ed0022694990f00518b809e9

commit bac104605ef3d9a8ed0022694990f00518b809e9
Author: caryclark <caryclark@google.com>
Date: Thu Sep 22 17:24:59 2016

Reland of ix for conic fuzz (patchset #1 id:1 of https://codereview.chromium.org/2361473004/ )

Reason for revert:
Landed suppression in Chrome's LayoutTests/TestExpectations

Original issue's description:
> Revert of fix for conic fuzz (patchset #3 id:40001 of https://codereview.chromium.org/2350263003/ )
>
> Reason for revert:
> See if this fixes the layout tests.
>
> Original issue's description:
> > fix for conic fuzz
> >
> > A fuzzer generates a conic that hangs when drawn.
> > The quads that approximate the conics move up and down
> > in y, confusing the renderer.
> >
> > This fix ensures that the split conic maintains the
> > same y direction as the original conic.
> >
> > R=reed@google.com
> > BUG=647922
> > GOLD_TRYBOT_URL=https://gold.skia.org/search?issue=2350263003
> >
> > Committed: https://skia.googlesource.com/skia/+/ac78863acdef4b428aaf66985b80c76d1be0fdea
>
> TBR=reed@google.com
> # Skipping CQ checks because original CL landed less than 1 days ago.
> NOPRESUBMIT=true
> NOTREECHECKS=true
> NOTRY=true
> BUG=647922
>
> Committed: https://skia.googlesource.com/skia/+/08b345588414b861af8a55950e7dc21a1bd85a28

TBR=reed@google.com
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=647922

Review-Url: https://codereview.chromium.org/2359253002

[modify] https://crrev.com/bac104605ef3d9a8ed0022694990f00518b809e9/src/core/SkGeometry.cpp
[modify] https://crrev.com/bac104605ef3d9a8ed0022694990f00518b809e9/tests/PathTest.cpp
Sep 22 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/15303daf52164b1354e7cd608198decb3f31e6ca

commit 15303daf52164b1354e7cd608198decb3f31e6ca
Author: skia-deps-roller <skia-deps-roller@chromium.org>
Date: Thu Sep 22 19:30:00 2016

Roll src/third_party/skia/ d7a9db644..bac104605 (12 commits).

https://chromium.googlesource.com/skia.git/+log/d7a9db644496..bac104605ef3

$ git log d7a9db644..bac104605 --date=short --no-merges --format='%ad %ae %s'
2016-09-22 caryclark Reland of ix for conic fuzz (patchset #1 id:1 of https://codereview.chromium.org/2361473004/ )
2016-09-22 caryclark Revert of fix for conic fuzz (patchset #3 id:40001 of https://codereview.chromium.org/2350263003/ )
2016-09-22 brianosman Add output format properties to SkImageFilter::Context
2016-09-22 msarett Make SkColorSpaceXform::New() take bare ptrs
2016-09-22 mtklein Run commandbuffer config on CommandBuffer Perf bots.
2016-09-22 mtklein Clean up dead code.
2016-09-22 cblume Is char* or uintptr_t easier to read?
2016-09-22 benjaminwagner Add recipe support for Intel HD Graphics 530.
2016-09-22 msarett Do not quickReject until virtual drawPatch
2016-09-22 caryclark fix next kevin fuzz
2016-09-22 caryclark fix for conic fuzz
2016-09-22 caryclark speed up debug dm

BUG=647922,647922,648512,647922
CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_precise_blink_rel
TBR=borenet@google.com

Review-Url: https://codereview.chromium.org/2361143002
Cr-Commit-Position: refs/heads/master@{#420424}

[modify] https://crrev.com/15303daf52164b1354e7cd608198decb3f31e6ca/DEPS
Sep 22 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/2a3f3ae7baf5b12ec8f766298ef257d210e7d443

commit 2a3f3ae7baf5b12ec8f766298ef257d210e7d443
Author: caryclark <caryclark@google.com>
Date: Thu Sep 22 21:29:27 2016

rebaseline conic changes

Conic to quad changes have landed in Skia, so these Layout tests
can be rebaselined.

R=fmalita@chromium.org
BUG=647922

Review-Url: https://codereview.chromium.org/2360393002
Cr-Commit-Position: refs/heads/master@{#420463}

[modify] https://crrev.com/2a3f3ae7baf5b12ec8f766298ef257d210e7d443/third_party/WebKit/LayoutTests/TestExpectations
Sep 23 2016
ClusterFuzz has detected this issue as fixed in range 420327:420425.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5692757480046592

Fuzzer: afl_skia_path_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x615fffff818a
Crash State:
  SuperBlitter::blitH
  walk_convex_edges
  sk_fill_path

Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=afl_chrome_asan&range=402185:402404
Fixed: https://cluster-fuzz.appspot.com/revisions?job=afl_chrome_asan&range=420327:420425

Minimized Testcase (0.04 Kb): https://cluster-fuzz.appspot.com/download/AMIfv9619VWChqoQlyuW-yxhpHj16ruXQbKhvcuNl5TSHs7stiXJH1wMK_F3n6Xyxk_N_xhWh125YbQq2BzvBH6JoxEl_Jw9eburB_HkREfABGtDw8WTNqJk4tXVjE9q5qp3gO5TWiD43wjEMrWxGXgE6iP4cImsog?testcase_id=5692757480046592

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Sep 23 2016
ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Sep 24 2016
Sep 26 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/08d020a76b9df4b10e24ece45df546bc08a87005

commit 08d020a76b9df4b10e24ece45df546bc08a87005
Author: caryclark <caryclark@google.com>
Date: Mon Sep 26 13:51:28 2016

rebaseline missed conic-related layout tests

Missed these layout tests earlier; conic to quad changes cause
slight differences and require a rebaseline.

R=fmalita@chromium.org
BUG=647922. 649631

Review-Url: https://codereview.chromium.org/2373473002
Cr-Commit-Position: refs/heads/master@{#420886}

[modify] https://crrev.com/08d020a76b9df4b10e24ece45df546bc08a87005/third_party/WebKit/LayoutTests/TestExpectations
Sep 28 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/3228e417a428ab5a4651909062143ac82365adfd

commit 3228e417a428ab5a4651909062143ac82365adfd
Author: Rebaseline Bot <blink-rebaseline-bot@chromium.org>
Date: Wed Sep 28 17:59:53 2016

Auto-rebaseline for r420463

https://chromium.googlesource.com/chromium/src/+/2a3f3ae7b

BUG=647922
TBR=caryclark@google.com

Review URL: https://codereview.chromium.org/2374113002 .

Cr-Commit-Position: refs/heads/master@{#421566}

[modify] https://crrev.com/3228e417a428ab5a4651909062143ac82365adfd/third_party/WebKit/LayoutTests/TestExpectations
[modify] https://crrev.com/3228e417a428ab5a4651909062143ac82365adfd/third_party/WebKit/LayoutTests/fast/borders/border-radius-different-width-001-double-expected.png
[modify] https://crrev.com/3228e417a428ab5a4651909062143ac82365adfd/third_party/WebKit/LayoutTests/fast/borders/borderRadiusDotted04-expected.png
[modify] https://crrev.com/3228e417a428ab5a4651909062143ac82365adfd/third_party/WebKit/LayoutTests/fast/borders/webkit-border-radius-expected.png
[add] https://crrev.com/3228e417a428ab5a4651909062143ac82365adfd/third_party/WebKit/LayoutTests/platform/android/fast/borders/border-radius-different-width-001-double-expected.png
[add] https://crrev.com/3228e417a428ab5a4651909062143ac82365adfd/third_party/WebKit/LayoutTests/platform/android/fast/borders/webkit-border-radius-expected.png
[modify] https://crrev.com/3228e417a428ab5a4651909062143ac82365adfd/third_party/WebKit/LayoutTests/platform/linux/svg/zoom/page/zoom-img-preserveAspectRatio-support-1-expected.png
[modify] https://crrev.com/3228e417a428ab5a4651909062143ac82365adfd/third_party/WebKit/LayoutTests/platform/win/svg/zoom/page/zoom-img-preserveAspectRatio-support-1-expected.png
Oct 10 2016
Nov 29 2016
Dec 31 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot