New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 648410 link

Starred by 1 user
Status: Duplicate
Merged: issue 628222
Owner:
mmohammad@chromium.org
Last visit > 30 days ago
Closed: Sep 2016
Cc:
reed@chromium.org
bunge...@chromium.org
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug



Sign in to add a comment

Crash in SkPath2DPathEffect::CreateProc

Project Member Reported by ClusterFuzz, Sep 19 2016 
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6609308399960064

Fuzzer: sugoi_filter_fuzzer
Job Type: linux_asan_filter_fuzz_stub
Platform Id: linux

Crash Type: UNKNOWN WRITE
Crash Address: 0x000000000008
Crash State:
  SkPath2DPathEffect::CreateProc
  SkValidatingReadBuffer::readFlattenable
  SkComposePathEffect::CreateProc
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_filter_fuzz_stub&range=419414:419416

Minimized Testcase (146.82 Kb): https://cluster-fuzz.appspot.com/download/AMIfv9420sSjwt2aQ929JGwp7yxZqgPDBGqTdjfautxqyqs7vNNt1Nun-U5krh2sNKzs4RRPKnBjq2SXnNWcJfqcr9pd06Gtwe1q5yQOp_M3ATK7ON24dw2fNklhu5lnWZnI2bY2vlQBpOwb9StYXK2tUEHWrMv5_9jGZsCLTLlDHv0-tf3tahI?testcase_id=6609308399960064

Issue manually filed by: mmohammad

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by mmohammad@chromium.org, Sep 19 2016

Owner: reed@chromium.org
Status: Assigned (was: Untriaged)
reed @ could you please look into this.please feel free to re-assigned back if needed. thanks in advance !

Comment 2 by reed@google.com, Sep 20 2016

Owner: bunge...@chromium.org

Comment 3 by bunge...@chromium.org, Sep 20 2016

Cc: bunge...@chromium.org reed@chromium.org
Mergedinto: 628222
Owner: mmohammad@chromium.org
Status: Duplicate (was: Assigned)
This is due to ASAN's 'new' returning nullptr when it runs out of memory. This is invalid behavior and should be expected to cause crashes. This unfortunate noise will result in less attention paid to future fuzzer reports, especially the nullptr variety.
Project Member

Comment 4 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment