Issue 684386 link

Starred by 1 user

Issue metadata

Status:	Duplicate
Owner:	herb@google.com
Closed:	Jan 2017
Cc:	bunge...@chromium.org
Components:	Internals>Skia
EstimatedDays:	----
NextAction:	----
OS:	Windows
Pri:	1
Type:	Bug-Security
ReleaseBlock-Beta Reproducible Stability-Memory-AddressSanitizer reward-ineligible Security_Impact-Head Security_Severity-High allpublic Clusterfuzz M-58

Crash in SkGlyphCache::~SkGlyphCache

Project Member Reported by ClusterFuzz, Jan 24 2017

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6569516818759680

Fuzzer: inferno_canvas_wrecker
Job Type: windows_asan_chrome
Platform Id: windows

Crash Type: UNKNOWN WRITE
Crash Address: 0xa25da9e3
Crash State:
  SkGlyphCache::~SkGlyphCache
  SkGlyphCache_Globals::internalPurge
  SkGlyphCache::AttachCache
  
Sanitizer: address (ASAN)

Recommended Security Severity: High

Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_asan_chrome&range=445391:445491

Minimized Testcase (2.45 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94jDlIljkqsreQDJC-POeeXjHhIRjIIn-n7YtIrDypXHWxqPI_T5LJBFs6pxYeSX8Oj0N8xVJIGGmpXUWNrupP5zcKNoAWqTZSCyHrrg9Fr5d0TDMCW6xtLEmCLDLBJNO6boh7TYQabQ5YtMeZm10-ruT_qiUSO4CfzcOPp0OvVlHoAwXjSu4P__qRZMJe3dnfsE3pcjiUqduhbX4StY-zoXxFolcI5oaVLQQMV0BOP8tkS_GTzWQMoT4rCRVZzKBRsy_nin6kCnojetGNG_WS-JbYY-BIW27r6AFJbTl0C7En3SHs7pi4YAzzvaxqkvmbIEqjVQ1ml2JWZc6cNxqpzFKf-UK54q3DxJpEQmR0uLc70fn0?testcase_id=6569516818759680

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Project Member

Comment 1 by sheriffbot@chromium.org, Jan 24 2017

Labels: M-57

Project Member

Comment 2 by sheriffbot@chromium.org, Jan 24 2017

Labels: ReleaseBlock-Beta

This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Project Member

Comment 3 by sheriffbot@chromium.org, Jan 24 2017

Labels: Pri-1

Comment 4 by est...@chromium.org, Jan 24 2017

Components: Internals>Skia

Comment 5 by est...@chromium.org, Jan 24 2017

Owner: reed@chromium.org
Status: Assigned (was: Untriaged)

reed, can you please help triage this Skia security bug? Thanks.

Comment 6 by hcm@chromium.org, Jan 24 2017

Owner: hcm@chromium.org

Comment 7 by hcm@chromium.org, Jan 24 2017

Owner: bunge...@chromium.org

Think I need Ben to take a look- why these are popping up now is a mystery, I don't see changes in this space...

Comment 8 by awhalley@chromium.org, Jan 25 2017

Please note that as this bug is marked as ReleaseBlock-Beta for M57, changes needs to be on trunk by this Friday, 1/27, to make the M57 branch. Please prioritise accordingly. Thanks!

Comment 9 by bunge...@chromium.org, Jan 25 2017

Cc: bunge...@chromium.org
Owner: herb@chromium.org

Most likely caused by same bug as issue 684061

Comment 10 by herb@chromium.org, Jan 25 2017

Owner: herb@google.com

Comment 11 by herb@google.com, Jan 25 2017

Mergedinto: 683578
Status: Duplicate (was: Assigned)

Project Member

Comment 12 by sheriffbot@chromium.org, Jan 26 2017

Labels: reward-topanel

The older reward-topanel  issue 684322  has been merged into this one. Please manually review this issue to see if the duplicate is potentially eligible for a reward.

Project Member

Comment 13 by sheriffbot@chromium.org, Jan 27 2017

Labels: -reward-topanel reward-ineligible

Comment 14 by awhalley@chromium.org, Jan 27 2017

Labels: -M-57 M-58

Project Member

Comment 15 by sheriffbot@chromium.org, May 4 2017

Labels: -Restrict-View-SecurityTeam allpublic

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

►

Issue 684386 link

Issue metadata

Crash in SkGlyphCache::~SkGlyphCache

Issue description

Comment 1 by sheriffbot@chromium.org, Jan 24 2017

Comment 1 Deleted

Comment 2 by sheriffbot@chromium.org, Jan 24 2017

Comment 2 Deleted

Comment 3 by sheriffbot@chromium.org, Jan 24 2017

Comment 3 Deleted

Comment 4 by est...@chromium.org, Jan 24 2017

Comment 4 Deleted

Comment 5 by est...@chromium.org, Jan 24 2017

Comment 5 Deleted

Comment 6 by hcm@chromium.org, Jan 24 2017

Comment 6 Deleted

Comment 7 by hcm@chromium.org, Jan 24 2017

Comment 7 Deleted

Comment 8 by awhalley@chromium.org, Jan 25 2017

Comment 8 Deleted

Comment 9 by bunge...@chromium.org, Jan 25 2017

Comment 9 Deleted

Comment 10 by herb@chromium.org, Jan 25 2017

Comment 10 Deleted

Comment 11 by herb@google.com, Jan 25 2017

Comment 11 Deleted

Comment 12 by sheriffbot@chromium.org, Jan 26 2017

Comment 12 Deleted

Comment 13 by sheriffbot@chromium.org, Jan 27 2017

Comment 13 Deleted

Comment 14 by awhalley@chromium.org, Jan 27 2017

Comment 14 Deleted

Comment 15 by sheriffbot@chromium.org, May 4 2017

Comment 15 Deleted

Sign in to add a comment