
Issue 681804


Issue metadata

Status: Duplicate
Owner:
Closed: Jan 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 1
Type: Bug-Security




Crash in SkArenaAlloc::~SkArenaAlloc

Project Member Reported by ClusterFuzz, Jan 17 2017

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6533467614740480

Fuzzer: inferno_webbot
Job Type: windows_asan_chrome
Platform Id: windows

Crash Type: UNKNOWN
Crash Address: 0x5f9676c0
Crash State:
  SkArenaAlloc::~SkArenaAlloc
  SkRasterPipelineBlitter::~SkRasterPipelineBlitter
  SkRasterPipelineBlitter::`scalar deleting destructor'
  
Sanitizer: address (ASAN)

Recommended Security Severity: High

Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_asan_chrome&range=443909:443939

Minimized Testcase (0.06 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv97Q330zrYc2pCW4u_-bs09cfCxUOl58BWA2VJ1H9j6r3RUN7eRcnrCmn6E2PZYB3UkAX6-i7MbevU3oEUyFAbC23W8jTvjntm2w3ZvdSludWWCqsHkx1bI1uNZkM60LeyDWsIW30sJNeemE6GkppC-KrNg5WTbMa9OK4PmhruKScOTnKwTpftIuuPQ0aTSz77Y9nFFTf6eskPUxe4XWtQ2X-bAjU3Fb215U9Rb4d5y9vUNKKTZIs0FYyS7HNYygCzzzUBFmaniCuNfVVnwWvml0ceGToep40tTjdpT-67lIG7yb9ydBYfRDFWVCiJwAMOYxXtaMAW4TS5MQGMJoIpKCqZRsVgb4f9wSVVJeZ0VLH2aTUpY?testcase_id=6533467614740480
<script>
window.location = "http://gahannaschools.org";</script>


Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Project Member

Comment 1 by sheriffbot@chromium.org, Jan 17 2017

Labels: M-57
Project Member

Comment 2 by sheriffbot@chromium.org, Jan 17 2017

Labels: ReleaseBlock-Beta
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 3 by sheriffbot@chromium.org, Jan 17 2017

Labels: Pri-1

Comment 4 by palmer@chromium.org, Jan 18 2017

Components: Internals>Skia
Labels: OS-Android OS-Chrome OS-Linux OS-Mac
Owner: reed@chromium.org
Status: Assigned (was: Untriaged)

Comment 5 by hcm@chromium.org, Jan 19 2017

Cc: reed@google.com
Owner: herb@chromium.org
Over to Herb for a look...

Comment 6 by hcm@chromium.org, Jan 19 2017

Labels: -OS-Linux -OS-Android -OS-Chrome -OS-Mac
Mergedinto: 681855
Status: Duplicate (was: Assigned)
And he's already got it, trying (unsuccessfully so far) to get a repro. Also, this is Win only.
Project Member

Comment 7 by sheriffbot@chromium.org, Apr 28 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
