
Issue 682268

Starred by 1 user

Issue metadata

Status: Duplicate
Owner:
Closed: Jan 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 1
Type: Bug-Security




Crash in SkRasterPipelineBlitter::~SkRasterPipelineBlitter

Project Member Reported by ClusterFuzz, Jan 18 2017

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4779690532536320

Fuzzer: ifratric-browserfuzzer-v3
Job Type: windows_asan_chrome
Platform Id: windows

Crash Type: UNKNOWN
Crash Address: 0x70230d60
Crash State:
  SkRasterPipelineBlitter::~SkRasterPipelineBlitter
  SkRasterPipelineBlitter::`scalar deleting destructor'
  SkSmallAllocator<3,NUMBER>::DefaultDestructor<class SkState_Blitter<struct State
  
Sanitizer: address (ASAN)

Recommended Security Severity: High

Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_asan_chrome&range=444293:444299

Minimized Testcase (0.54 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97GLxuWX9Z5fVyL-gaabojXSQH42CHj30JP6ii8xtbDx1w4hjYpw51_aUAxDZxzSWpR27JU5tIc-R4WEGeIKohooXry_FYWcSk8ZKCQY2DrgIaNhkJzDRYuMPGl1WntKxFY-UE4xm0ADNBCo_dnICyPeUbVRjh_2cUT8qN2XY_7OfQkoEox7u3TmKMKH7PTviPohmxcs0AKyIajHmsGfTAz-0Phr-zqEv1jQlp-ef1AGNM7lwTcrXCw4WI_9DMHJthiTR61aQ2DFz6ijW85f0xmTljjXErmokzJn5UUJMSVwKErzOM5PoVV_MsoUr6UrsjdUAhfXVEascWDo7gn8mwqgGp7RvtDdABXf8xSkTDtaQ8YeIQ?testcase_id=4779690532536320

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 

Comment 1 by aarya@google.com, Jan 18 2017

Cc: reed@chromium.org
Components: Internals>Skia
Owner: herb@google.com
Status: Assigned (was: Untriaged)
Project Member

Comment 2 by sheriffbot@chromium.org, Jan 19 2017

Labels: M-57
Project Member

Comment 3 by sheriffbot@chromium.org, Jan 19 2017

Labels: ReleaseBlock-Beta
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 4 by sheriffbot@chromium.org, Jan 19 2017

Labels: Pri-1

Comment 5 by gov...@chromium.org, Jan 23 2017


A friendly reminder that M57 Beta launch is coming soon on February 2nd! Your bug is labelled as Beta ReleaseBlock, pls make sure to land the fix and get it merged into the release branch (2987) ASAP so it gets enough baking time in Dev (before Beta promotion). Thank you!

Comment 6 by aarya@google.com, Jan 23 2017

Cc: herb@chromium.org
Issue 682645 has been merged into this issue.

Comment 7 by herb@google.com, Jan 23 2017

Mergedinto: 681855
Status: Duplicate (was: Assigned)
Labels: -ReleaseBlock-Beta
Project Member

Comment 9 by sheriffbot@chromium.org, May 2 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
