Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4687777225768960
Fuzzer: miaubiz_svg_fuzzer
Job Type: linux_ubsan_chrome
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  SkBitmapDevice::drawSpecial
  SkCanvas::internalDrawDevice
  SkCanvas::internalRestore
Sanitizer: undefined (UBSAN)
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=440242:440280
Minimized Testcase (1.53 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94c8Sm6jStgNsI6gtcGDVT_ErUbrmpCA8GaMAk9R9vceJ7n1nFvEBEGRBA_JQcHxUUO_b7XHOfLQwnMYZXIhHxO7hyPDMw2zfJ_YL3XxHANkN2jJuj3QofjsSzLySl9lNf-wcK_DFny87HFfBjmKWhutMGjI0GjV8etKYtYPQo0G8zFunBEd5B4-3XGGGmsTBejKZs-20uXSwZGj0QNJItMC3p1h-yoHJYdtHKRP2sCUlSFyXJzF1NUGNq-vfSutu9Dlx-0zZotYGrnqa4ciIYNusGv6c1Qj7oc1dPMu-cTQ8GI5Ag6YjETiZZceZL653PMQY-5Aa0BwjgOg-ocyXfhICHlFfHq7wsvpOvQ-SM09xi7jKfwEwjb_iSkVPcQgup_ulheiBGJjQzgT5OCmhCO1rCAqA?testcase_id=4687777225768960
Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Possible suspect from the above CL based on the SkDebugCanvas-related changes: https://skia.googlesource.com/skia.git/+/4bf98e7e802edf43effec93bea22fecb031f65f1
bsalomon@: Could you please take a look into this if it's related to your change.
SkDebugCanvas is not related. This appears to be in the sw backend.
ClusterFuzz has detected this issue as fixed in range 443650:443891.
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4687777225768960
Fuzzer: miaubiz_svg_fuzzer
Job Type: linux_ubsan_chrome
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  SkBitmapDevice::drawSpecial
  SkCanvas::internalDrawDevice
  SkCanvas::internalRestore
Sanitizer: undefined (UBSAN)
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=440242:440280
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=443650:443891
Minimized Testcase (1.53 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94c8Sm6jStgNsI6gtcGDVT_ErUbrmpCA8GaMAk9R9vceJ7n1nFvEBEGRBA_JQcHxUUO_b7XHOfLQwnMYZXIhHxO7hyPDMw2zfJ_YL3XxHANkN2jJuj3QofjsSzLySl9lNf-wcK_DFny87HFfBjmKWhutMGjI0GjV8etKYtYPQo0G8zFunBEd5B4-3XGGGmsTBejKZs-20uXSwZGj0QNJItMC3p1h-yoHJYdtHKRP2sCUlSFyXJzF1NUGNq-vfSutu9Dlx-0zZotYGrnqa4ciIYNusGv6c1Qj7oc1dPMu-cTQ8GI5Ag6YjETiZZceZL653PMQY-5Aa0BwjgOg-ocyXfhICHlFfHq7wsvpOvQ-SM09xi7jKfwEwjb_iSkVPcQgup_ulheiBGJjQzgT5OCmhCO1rCAqA?testcase_id=4687777225768960
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
ClusterFuzz testcase 4687777225768960 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by msrchandra@chromium.org, Jan 9 2017
Components: Internals>Skia
Labels: Test-Predator-Wrong-CLs