Use-of-uninitialized-value in sse41::blit_row_s32a_opaque
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5903153625300992
Fuzzer: inferno_twister
Job Type: linux_msan_chrome
Platform Id: linux
Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  sse41::blit_row_s32a_opaque
  SkARGB32_Shader_Blitter::blitRect
  antifilldot8
Recommended Security Severity: Medium
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_msan_chrome&range=342909:342958
Minimized Testcase (0.50 Kb): https://cluster-fuzz.appspot.com/download/AMIfv9503dWcs1O8TsYkagBb7yszn2VPweagCH-2DtWznFGEKcLcX9YPBWmndn33R1o0apDIimMCh2Aj_5n9nL2TmAdUk7AXWUeBvx54sqZXunfIEZixsWUlrNyCfEg10Yi6Uxw-OWltjgKXv-tS8drZ6SiNoc5dWg?testcase_id=5903153625300992

Issue filed automatically.
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Sep 30 2016
reed@: Can you please help triage this Skia security bug?
Sep 30 2016
Oct 14 2016
caryclark: Uh oh! This issue is still open and hasn't been updated in the last 14 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers? If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one? If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 28 2016
caryclark: Uh oh! This issue is still open and hasn't been updated in the last 28 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers? If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one? If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 28 2016
I'm having trouble reproducing this. I imagine there are instructions somewhere on how to see this locally. Can you point me at them?
Nov 28 2016
Friendly ping aarya: could you ptal at comment #7? Thanks!
Nov 29 2016
caryclark, have you tried reproing this with a MSan build of Chrome? https://www.chromium.org/developers/testing/memorysanitizer Looks like it still reproduces today on head.
Nov 29 2016
It appears that sk_msan_assert_initialized is not working as intended. Assigning to the author to shed more light.
Nov 29 2016
No man, the assert's working perfectly. When it fails it means someone way up stack (and maybe a long time ago) done screwed up. There is no bug related to use of uninitialized memory in sse41::blit_row_s32a_opaque. If any of you see an MSAN bug mentioning sse41::blit_row_s32a_opaque, please assign them directly to me, and I will close them with progressively more curt messages about how it's a very real problem that nevertheless has absolutely nothing to do with Skia.
Feb 23 2017
ClusterFuzz has detected this issue as fixed in range 451968:452017.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5903153625300992
Fuzzer: inferno_twister
Job Type: linux_msan_chrome
Platform Id: linux
Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  sse41::blit_row_s32a_opaque
  SkARGB32_Shader_Blitter::blitRect
  antifilldot8
Sanitizer: memory (MSAN)
Recommended Security Severity: Medium
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_msan_chrome&range=342909:342958
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_msan_chrome&range=451968:452017
Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv9503dWcs1O8TsYkagBb7yszn2VPweagCH-2DtWznFGEKcLcX9YPBWmndn33R1o0apDIimMCh2Aj_5n9nL2TmAdUk7AXWUeBvx54sqZXunfIEZixsWUlrNyCfEg10Yi6Uxw-OWltjgKXv-tS8drZ6SiNoc5dWg?testcase_id=5903153625300992

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Mar 8 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by sheriffbot@chromium.org, Sep 30 2016