Issue metadata
Sign in to add a comment
|
!m_drawingBuffer->m_stateRestorer in DrawingBuffer.cpp |
||||||||||||||||||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=5849038600798208 Fuzzer: inferno_layout_test_unmodified Job Type: linux_msan_chrome Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: !m_drawingBuffer->m_stateRestorer in DrawingBuffer.cpp blink::DrawingBuffer::resolveAndBindForReadAndDraw blink::WebGLRenderingContextBase::paintRenderingResultsToCanvas Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_msan_chrome&range=427174:427199 Minimized Testcase (6.66 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97hYuaqXLRpvqWzX02L-iN657rcgH5noTLK9bORzTZOKdXNbRPZJY_VTZ_RQFN-DxrpzWt2tOWRjcggvHd-k2hZqpUU70ukNDWP7ntjVr7_9hJ1UAHqq66ItyU8Q9wqAva0qVvWZxv-8I4l0e0Jb9hpBcRl-w?testcase_id=5849038600798208 Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Oct 27 2016
Recording the stack for posterity. Spinning a patch that fixes the issue #0 0x7fe23c1839e0 __interceptor_backtrace #1 0x7fe246561492 base::debug::StackTrace::StackTrace() #2 0x7fe2465f7e5d logging::LogMessage::~LogMessage() #3 0x7fe260b77f71 blink::DrawingBuffer::resolveAndBindForReadAndDraw() #4 0x7fe25ad05b4b blink::WebGLRenderingContextBase::paintRenderingResultsToCanvas() #5 0x7fe2566b258a blink::HTMLCanvasElement::getSourceImageForCanvas() #6 0x7fe2566af1d1 blink::HTMLCanvasElement::notifyListenersCanvasChanged() #7 0x7fe260b65530 blink::DrawingBuffer::prepareTextureMailboxInternal() #8 0x7fe260b64e49 blink::DrawingBuffer::PrepareTextureMailbox() #9 0x7fe25e95def3 cc::TextureLayer::Update() #10 0x7fe24b5dd430 cc::LayerTree::UpdateLayers() #11 0x7fe25ea96eb4 cc::LayerTreeHostInProcess::DoUpdateLayers() #12 0x7fe25ea9596f cc::LayerTreeHostInProcess::UpdateLayers() #13 0x7fe25eaa598b cc::ProxyMain::BeginMainFrame()
,
Oct 27 2016
,
Oct 29 2016
ClusterFuzz has detected this issue as fixed in range 428077:428329. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5849038600798208 Fuzzer: inferno_layout_test_unmodified Job Type: linux_msan_chrome Platform Id: linux Crash Type: CHECK failure Crash Address: Crash State: !m_drawingBuffer->m_stateRestorer in DrawingBuffer.cpp blink::DrawingBuffer::resolveAndBindForReadAndDraw blink::WebGLRenderingContextBase::paintRenderingResultsToCanvas Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_msan_chrome&range=427174:427199 Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_msan_chrome&range=428077:428329 Minimized Testcase (6.66 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97hYuaqXLRpvqWzX02L-iN657rcgH5noTLK9bORzTZOKdXNbRPZJY_VTZ_RQFN-DxrpzWt2tOWRjcggvHd-k2hZqpUU70ukNDWP7ntjVr7_9hJ1UAHqq66ItyU8Q9wqAva0qVvWZxv-8I4l0e0Jb9hpBcRl-w?testcase_id=5849038600798208 See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Oct 31 2016
I think this is now fixed.
,
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||
Comment 1 by mmohammad@chromium.org
, Oct 26 2016Status: Assigned (was: Untriaged)