Crash in SkOpSpanBase::segment
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4815087699492864
Fuzzer: libfuzzer_skia_pathop_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x00009fff8005
Crash State:
  SkOpSpanBase::segment
  SkOpSpan::containsCoincidence
  SkOpSpan::insertCoincidence
Recommended Security Severity: Medium
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=423381:423433
Minimized Testcase (0.38 Kb): https://cluster-fuzz.appspot.com/download/AMIfv966gzrN8KO_aiazWnUpryRtAWHIn6mbuMfwYeZvcBLsKOYFOP9lJFGE4qkUjMMWwoq_cLaFp_wb9sDa_8ekPxgP73t53lWqgE1GPIw37YQQSPeDSAKoeZ8WXSTaqZZAqRD0xIMb1CMGM5tXudhLK8X462J6_w?testcase_id=4815087699492864

Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
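The bot-filed description above is a fixed-field format, so it can be parsed mechanically when triaging many ClusterFuzz issues at once. The following is an added example, not code from Chromium, Skia or ClusterFuzz: it cuts the flattened description back into its fields, turns the Crash State into a list of frames, and checks whether a Cr-Commit-Position falls inside the Regressed or Fixed range. SAMPLE_REPORT is the description of this issue retyped as a constructed constant, with the testcase download URL replaced by the placeholder https://example.invalid/download and the Fixed line copied in from the later ClusterFuzz comment on this issue; the names parse_report, revision_range and commit_in_range are this example's own.

```python
"""Parse a ClusterFuzz auto-filed issue description into its fields.

Added example for triage scripting; not code from Chromium, Skia or
ClusterFuzz. SAMPLE_REPORT is the description of this issue retyped as a
constructed constant: the testcase download URL is replaced by a placeholder
and the "Fixed:" line is copied in from the later ClusterFuzz comment.
"""
import re

SAMPLE_REPORT = (
    "Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4815087699492864 "
    "Fuzzer: libfuzzer_skia_pathop_fuzzer Job Type: libfuzzer_chrome_asan "
    "Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x00009fff8005 "
    "Crash State: SkOpSpanBase::segment SkOpSpan::containsCoincidence "
    "SkOpSpan::insertCoincidence Recommended Security Severity: Medium "
    "Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=423381:423433 "
    "Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=426526:426594 "
    "Minimized Testcase (0.38 Kb): https://example.invalid/download "
    "Issue filed automatically. See reproducing.md for more information."
)

# Labels ClusterFuzz emits, used to cut the flattened text back into fields.
# "Fixed" only appears once the fuzzer has seen the crash stop reproducing.
FIELD_LABELS = (
    "Detailed report", "Fuzzer", "Job Type", "Platform Id", "Crash Type",
    "Crash Address", "Crash State", "Recommended Security Severity",
    "Regressed", "Fixed", "Minimized Testcase",
)

# A label, an optional parenthesised suffix such as "(0.38 Kb)", then ": ".
_LABEL_RE = re.compile(
    r"(%s)(?: \([^)]*\))?: " % "|".join(re.escape(label) for label in FIELD_LABELS)
)


def parse_report(text):
    """Return {field: value} for a flattened ClusterFuzz description.

    Each value runs from the end of its label to the start of the next one.
    Crash State becomes a list of frames (assumption: frames contain no
    spaces, as with the C++ symbols in this report). The Minimized Testcase
    value is cut at the first space so trailing boilerplate does not stick
    to the download URL.
    """
    matches = list(_LABEL_RE.finditer(text))
    fields = {}
    for i, match in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(text)
        fields[match.group(1)] = text[match.end():end].strip()
    if "Crash State" in fields:
        fields["Crash State"] = fields["Crash State"].split()
    if "Minimized Testcase" in fields:
        fields["Minimized Testcase"] = fields["Minimized Testcase"].split(" ")[0]
    return fields


def revision_range(url):
    """Extract the inclusive (start, end) commit positions from a revisions URL."""
    match = re.search(r"[?&]range=(\d+):(\d+)", url)
    if not match:
        raise ValueError("no range=start:end in %r" % url)
    return int(match.group(1)), int(match.group(2))


def commit_in_range(position, url):
    """True if a Cr-Commit-Position lies inside the range the URL names."""
    low, high = revision_range(url)
    return low <= position <= high


if __name__ == "__main__":
    report = parse_report(SAMPLE_REPORT)
    for frame in report["Crash State"]:
        print("frame:", frame)
    # The Skia roll that carried the fix landed at Cr-Commit-Position 426594.
    print("roll 426594 in Fixed range:", commit_in_range(426594, report["Fixed"]))
```

The range check is what a merge reviewer wants to automate: the DEPS roll that carried the Skia fix has Cr-Commit-Position 426594, which sits at the top of the Fixed range 426526:426594 and outside the Regressed range, matching what ClusterFuzz reported.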
Oct 20 2016
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 20 2016
The following revision refers to this bug:
https://skia.googlesource.com/skia.git/+/96dc1c9efaab4636e30f90aa377f25863f9bf3ba

commit 96dc1c9efaab4636e30f90aa377f25863f9bf3ba
Author: caryclark <caryclark@google.com>
Date: Thu Oct 20 18:34:10 2016

fix more chrome asan fuzzer failures

Small change to gracefully quit when fuzzer values cause pathops to fail.

TBR=reed@google.com
BUG=657411, 657559
GOLD_TRYBOT_URL=https://gold.skia.org/search?issue=2426393004
Review-Url: https://chromiumcodereview.appspot.com/2426393004

[modify] https://crrev.com/96dc1c9efaab4636e30f90aa377f25863f9bf3ba/src/pathops/SkOpCoincidence.cpp
[modify] https://crrev.com/96dc1c9efaab4636e30f90aa377f25863f9bf3ba/src/pathops/SkOpCoincidence.h
[modify] https://crrev.com/96dc1c9efaab4636e30f90aa377f25863f9bf3ba/tests/PathOpsOpTest.cpp
[modify] https://crrev.com/96dc1c9efaab4636e30f90aa377f25863f9bf3ba/tests/PathOpsSimplifyFailTest.cpp
Oct 20 2016
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/18cdcb2bdaf1b95995c7a3cfd53ba72c4fe3b4cb

commit 18cdcb2bdaf1b95995c7a3cfd53ba72c4fe3b4cb
Author: skia-deps-roller <skia-deps-roller@chromium.org>
Date: Thu Oct 20 21:04:16 2016

Roll src/third_party/skia/ 916ca1d8a..61013b235 (7 commits).

https://chromium.googlesource.com/skia.git/+log/916ca1d8a02b..61013b235f47

$ git log 916ca1d8a..61013b235 --date=short --no-merges --format='%ad %ae %s'
2016-10-20 borenet Add retries to the InfraTests bot's "update go pkgs" step
2016-10-20 caryclark fix more chrome asan fuzzer failures
2016-10-20 liyuqian Make SkFixedRound/Ceil/FloorToFixed as inline func
2016-10-20 mtklein Add missing sse41::run_pipeline.
2016-10-20 liyuqian Use Analytic AA in SkAAClip.
2016-10-20 borenet gen_tasks.go: Use new helpers from specs package
2016-10-20 mtklein Turn on /OPT:REF and /OPT:ICF too.

BUG=657411, 657559

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, see:
http://www.chromium.org/developers/tree-sheriffs/sheriff-details-chromium#TOC-Failures-due-to-DEPS-rolls

CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_precise_blink_rel
TBR=mtklein@google.com
Review-Url: https://chromiumcodereview.appspot.com/2438613006
Cr-Commit-Position: refs/heads/master@{#426594}

[modify] https://crrev.com/18cdcb2bdaf1b95995c7a3cfd53ba72c4fe3b4cb/DEPS
Oct 21 2016
ClusterFuzz has detected this issue as fixed in range 426526:426594.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4815087699492864
Fuzzer: libfuzzer_skia_pathop_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x00009fff8005
Crash State:
  SkOpSpanBase::segment
  SkOpSpan::containsCoincidence
  SkOpSpan::insertCoincidence
Recommended Security Severity: Medium
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=423381:423433
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=426526:426594
Minimized Testcase (0.38 Kb): https://cluster-fuzz.appspot.com/download/AMIfv966gzrN8KO_aiazWnUpryRtAWHIn6mbuMfwYeZvcBLsKOYFOP9lJFGE4qkUjMMWwoq_cLaFp_wb9sDa_8ekPxgP73t53lWqgE1GPIw37YQQSPeDSAKoeZ8WXSTaqZZAqRD0xIMb1CMGM5tXudhLK8X462J6_w?testcase_id=4815087699492864

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Oct 31 2016
[Automated comment] DEPS changes referenced in bugdroid comments, needs manual review.
Oct 31 2016
+ awhalley@ for M55 Merge review
Oct 31 2016
This has been in Canary for 10 days and Dev for 4+, looks good for M55.
Oct 31 2016
Approving merge to M55 branch 2883 based on comment #16. Please merge ASAP. Thank you.
Nov 1 2016
The patch above is built on early patches, such as a35ab3e6e024d0b548ded26a2e3b8ecd838ead93 (reviewed in https://chromiumcodereview.appspot.com/2426173002). I recommend against applying all dependency patches, given their size and complexity.
Nov 1 2016
Hi caryclark@ - thanks for the heads up. Is your recommendation not to take anything for M55, or is there a cherrypick that might be better than a full roll?
Nov 1 2016
I'm unaware of a tool to determine the set of CLs that need to be applied to make this CL applicable. If you know of such a tool or a set of git commands that can do this, I'd be happy to try it out. I'd prefer not to create a new CL that has the same effect as this CL -- guaranteeing that it was in fact the same would be difficult. Rolling all of Skia forward would likely break some other part of Chrome. If your determination is that fixing this patch is of paramount importance, I'll put the time into coming up with something, but I would prefer to leave this alone.
Nov 1 2016
Thanks for the details. I'm OK with not taking this for 55.
Jan 27 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by mbarbe...@chromium.org, Oct 20 2016
Owner: caryclark@google.com
Status: Assigned (was: Untriaged)