Integer-overflow in GrSurface::WorstCaseSize

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4916672302678016

Fuzzer: ifratric-browserfuzzer-v3
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address:
Crash State:
  GrSurface::WorstCaseSize
  GrTextureProvider::refScratchTexture
  GrContext::makeRenderTargetContext

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=429839:429929

Minimized Testcase (0.38 Kb): https://cluster-fuzz.appspot.com/download/AMIfv969rEhG_1yCPSkCa2an_RgsY-O9TUOqQd4yeA1yA7uFw42rMhRvsuR3oMbgbid6nvBU58HMuflVrlD09z380H6GWeBq_jq-e9vrr5_wy6La6HCqZTUjAylCQiyvyY-HeLtbDzUFsQbSgk0KUV3XODuQ3i0Biw?testcase_id=4916672302678016

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Nov 9 2016

The following revision refers to this bug:
https://skia.googlesource.com/skia.git/+/68b7a52a0b9355b357d4bd72bca479916d115d7c

commit 68b7a52a0b9355b357d4bd72bca479916d115d7c
Author: Robert Phillips <robertphillips@google.com>
Date: Wed Nov 09 13:03:21 2016

Fix fuzzer bug

BUG= 663687

GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=4580

Change-Id: I9e914a1134b8049cf62bb36d4a6145eb8487d4e6
Reviewed-on: https://skia-review.googlesource.com/4580
Reviewed-by: Robert Phillips <robertphillips@google.com>
Commit-Queue: Robert Phillips <robertphillips@google.com>

[modify] https://crrev.com/68b7a52a0b9355b357d4bd72bca479916d115d7c/src/gpu/GrSurface.cpp

Nov 9 2016

The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/e17b8960eaa876308d02e76e680740e89895e626

commit e17b8960eaa876308d02e76e680740e89895e626
Author: skia-deps-roller <skia-deps-roller@chromium.org>
Date: Wed Nov 09 15:36:43 2016

Roll src/third_party/skia/ 3743013f7..68b7a52a0 (1 commit).

https://skia.googlesource.com/skia.git/+log/3743013f755d..68b7a52a0b93

$ git log 3743013f7..68b7a52a0 --date=short --no-merges --format='%ad %ae %s'
2016-11-09 robertphillips Fix fuzzer bug

BUG= 663687

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, see:
http://www.chromium.org/developers/tree-sheriffs/sheriff-details-chromium#TOC-Failures-due-to-DEPS-rolls

CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_precise_blink_rel
TBR=scroggo@google.com

Review-Url: https://codereview.chromium.org/2492463002
Cr-Commit-Position: refs/heads/master@{#430936}

[modify] https://crrev.com/e17b8960eaa876308d02e76e680740e89895e626/DEPS

Nov 10 2016

ClusterFuzz has detected this issue as fixed in range 430933:430936.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4916672302678016

Fuzzer: ifratric-browserfuzzer-v3
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address:
Crash State:
  GrSurface::WorstCaseSize
  GrTextureProvider::refScratchTexture
  GrContext::makeRenderTargetContext

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=429839:429929
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=430933:430936

Minimized Testcase (0.38 Kb): https://cluster-fuzz.appspot.com/download/AMIfv969rEhG_1yCPSkCa2an_RgsY-O9TUOqQd4yeA1yA7uFw42rMhRvsuR3oMbgbid6nvBU58HMuflVrlD09z380H6GWeBq_jq-e9vrr5_wy6La6HCqZTUjAylCQiyvyY-HeLtbDzUFsQbSgk0KUV3XODuQ3i0Biw?testcase_id=4916672302678016

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Nov 10 2016
ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by nyerramilli@chromium.org, Nov 9 2016
Components: Internals>GPU>Rasterization
Labels: -Type-Bug M-56 Test-Predator-Correct-CLs Type-Bug-Regression
Owner: robertphillips@chromium.org
Status: Assigned (was: Untriaged)