
Issue 685201


Issue metadata

Status: Fixed
Owner:
Closed: Jan 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 1
Type: Bug-Security




Crash in GetCombinedHistogramEntropy

Project Member Reported by ClusterFuzz, Jan 25 2017

Issue description

Comment 1 by est...@chromium.org, Jan 25 2017

Components: Internals>Skia
Owner: hcm@chromium.org
Status: Assigned (was: Untriaged)
Project Member

Comment 2 by sheriffbot@chromium.org, Jan 26 2017

Labels: M-57
Project Member

Comment 3 by sheriffbot@chromium.org, Jan 26 2017

Labels: ReleaseBlock-Beta
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 4 by sheriffbot@chromium.org, Jan 26 2017

Labels: Pri-1

Comment 5 by hcm@chromium.org, Jan 26 2017

Owner: herb@chromium.org
Herb has been working on some SkArenaAlloc fixes that may also address this (?)

Comment 6 by herb@chromium.org, Jan 26 2017

Owner: herb@google.com
Project Member

Comment 7 by sheriffbot@chromium.org, Jan 27 2017

Labels: -Security_Impact-Head Security_Impact-Beta
Labels: -M-57 M-58
Labels: -Security_Impact-Beta Security_Impact-Head

Comment 10 by herb@google.com, Jan 30 2017

Status: Fixed (was: Assigned)
Project Member

Comment 11 by sheriffbot@chromium.org, Jan 31 2017

Labels: -Restrict-View-SecurityTeam Restrict-View-SecurityNotify
Labels: -reward-topanel reward-0
Labels: -ReleaseBlock-Beta
Project Member

Comment 14 by ClusterFuzz, Apr 19 2017

ClusterFuzz has detected this issue as fixed in range 445914:445971.

Detailed report: https://clusterfuzz.com/testcase?key=6177669772476416

Fuzzer: miaubiz_css_fuzzer
Job Type: windows_asan_chrome_no_sandbox
Platform Id: windows

Crash Type: UNKNOWN
Crash Address: 0x14b0180c
Crash State:
  GetCombinedHistogramEntropy
  SkGlyphCache::~SkGlyphCache
  SkGlyphCache_Globals::internalPurge
  
Sanitizer: address (ASAN)

Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_no_sandbox&range=445853:445914
Fixed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_no_sandbox&range=445914:445971

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv94y0zh9HJIc19EuRdhuLjYE2XO1kE5oZU5IsybrPoGA5DHSPQwhXMjoHJiq3tM8g75BdvEIfMvH2m_94SLQH-ZeNiInAVv81Rd8IrwupF6wvzPPsjIB-CTHmjS2s39myVOaObgQlT8Of7AhzBFbggaaj0ShZg_H2F2EnkJZ4iYdeiSsC_F2hC0WXtYTTQrFtx_aP9BYqy0_dRPQ573ANZ5r6etMBa2c9RLkdUC8GZU8TOg1fhD2Ak5af1eii1eK_W0Zhzpl6xd5-eFVTNDPMhBnARZo9Vbq-6UAUigplEgp7Pio07hzlfIky9Fo6rLrPgPhnav_XoEU8esPKFlcfyAImOUI9hVB4iDm0BEb-8zVZ1oLPik?testcase_id=6177669772476416


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 15 by sheriffbot@chromium.org, May 9 2017

Labels: -Restrict-View-SecurityNotify allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
