Crash in TessellatingPathOp::drawAA
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5063701385445376

Fuzzer: inferno_canvas_wrecker
Job Type: linux_asan_chrome_mp
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x0000000001e8
Crash State:
  TessellatingPathOp::drawAA
  TessellatingPathOp::onPrepareDraws
  GrMeshDrawOp::onPrepare

Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=449562:449564

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv9659maDoxB_qgPKpjYhisvt6gFZxD7wgbcgClR55mT1aHrEa8QhAiLSQnYsZY8ZLVKP608bdygJfZF1xl4s0Gxfli0VdUtCc6uIsDuKORvJZqNI7Y1lO98b01zeU4Xq-5LonHj-jqINsMoqjS1zedyPmEIFMv-e2pmswx1Nk4ep0Qd5mTliuP9PhqPxOEgAWgIfSsSTKKyB0Cn4npIfp9c0e2zFLFExYgfmalTYC7CF_A1nkdW51HZ8tGm4gi8UbTcPUsC0cv-IAv29BoUjf3FPFVn_nMVAA-NxxPhz3XXFvyDcM2QAExA5bm_8Iu5lJIvpQdIAdR90sEagDHJfuJPVrRsYJcpsFT3V1vmoBh1FDCW7YcSIjOzUcmzy_ukzHgEyzHUllIOAHUT2c9QHba_P6CDmfw?testcase_id=5063701385445376

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Feb 15 2017
Feb 15 2017
The following revision refers to this bug:
  https://skia.googlesource.com/skia/+/cc70083fbf76fd86b901fffdcce40d0f53787fc8

commit cc70083fbf76fd86b901fffdcce40d0f53787fc8
Author: Stephen White <senorblanco@chromium.org>
Date: Wed Feb 15 17:42:26 2017

GrTessellator (AA): null GrGeometryProcessor crash fix.

Add a null-check on geometry processor creation.

Add a test which exercises it: AA tessellator, with a non-invertible
matrix and a fragment processor which needs local coords (e.g.,
linear gradient).

BUG= 691902

Change-Id: I005b893aed58d3ad2500c41501045ac94b0b4b95
Reviewed-on: https://skia-review.googlesource.com/8462
Reviewed-by: Brian Salomon <bsalomon@google.com>
Commit-Queue: Stephen White <senorblanco@chromium.org>

[modify] https://crrev.com/cc70083fbf76fd86b901fffdcce40d0f53787fc8/tests/TessellatingPathRendererTests.cpp
[modify] https://crrev.com/cc70083fbf76fd86b901fffdcce40d0f53787fc8/src/gpu/ops/GrTessellatingPathRenderer.cpp
Feb 16 2017
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/b05e107a3d28faf33ee6a3f4fc39aa4b560dc62e

commit b05e107a3d28faf33ee6a3f4fc39aa4b560dc62e
Author: skia-deps-roller <skia-deps-roller@chromium.org>
Date: Thu Feb 16 09:12:03 2017

Roll src/third_party/skia/ 2b512d00e..394d41445 (19 commits).

https://skia.googlesource.com/skia.git/+log/2b512d00ef8d..394d414452a5

$ git log 2b512d00e..394d41445 --date=short --no-merges --format='%ad %ae %s'
2017-02-14 dmazzoni Implement SkHighContrastFilter
2017-02-15 mtklein SkJumper
2017-02-15 bungeman Work around Mac x- and cap-height calculation.
2017-02-15 msarett Use non-linear blending flag in raster pipeline blitter
2017-02-15 mtklein Clean up SkSplicer.
2017-02-15 egdaniel Update intel linux vulkan driver
2017-02-15 reed return and take SkImageGenerator as unique_ptr
2017-02-15 bsalomon Check that coverage FPs are compatible with alpha as coverage
2017-02-15 robertphillips Tighten up GrSurfaceProxy typing
2017-02-15 jcgregorio Move documentation to use the embedded fiddle elements.
2017-02-15 ethannicholas improved performance of parsing SkSLLayout flags
2017-02-15 halcanary fiddle: use sstream for text, code cleanup
2017-02-15 reed Revert "Revert "make SkClipStack.h private (in src)""
2017-02-15 robertphillips Add GrMakeCachedBitmapProxy
2017-02-14 chet Avoid constant view inflation on viewer sample app
2017-02-15 mtklein Disable SkSplicer.
2017-02-15 senorblanco GrTessellator (AA): null GrGeometryProcessor crash fix.
2017-02-15 reed Revert "make SkClipStack.h private (in src)"
2017-02-15 bsalomon Clarify when tweak alpha for coverage optimizaton can occur.

Created with:
  roll-dep src/third_party/skia
BUG= 691902

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, see:
http://www.chromium.org/developers/tree-sheriffs/sheriff-details-chromium#TOC-Failures-due-to-DEPS-rolls

CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel
TBR=bungeman@google.com

Review-Url: https://codereview.chromium.org/2698063004
Cr-Commit-Position: refs/heads/master@{#450909}

[modify] https://crrev.com/b05e107a3d28faf33ee6a3f4fc39aa4b560dc62e/DEPS
Feb 21 2017
This should be fixed by the change which rolled in in r450909. I'll wait for ClusterFuzz to close it, though.
Mar 1 2017
ClusterFuzz has detected this issue as fixed in range 450875:450937.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5063701385445376

Fuzzer: inferno_canvas_wrecker
Job Type: linux_asan_chrome_mp
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x0000000001e8
Crash State:
  TessellatingPathOp::drawAA
  TessellatingPathOp::onPrepareDraws
  GrMeshDrawOp::onPrepare

Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=449562:449564
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=450875:450937

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv9659maDoxB_qgPKpjYhisvt6gFZxD7wgbcgClR55mT1aHrEa8QhAiLSQnYsZY8ZLVKP608bdygJfZF1xl4s0Gxfli0VdUtCc6uIsDuKORvJZqNI7Y1lO98b01zeU4Xq-5LonHj-jqINsMoqjS1zedyPmEIFMv-e2pmswx1Nk4ep0Qd5mTliuP9PhqPxOEgAWgIfSsSTKKyB0Cn4npIfp9c0e2zFLFExYgfmalTYC7CF_A1nkdW51HZ8tGm4gi8UbTcPUsC0cv-IAv29BoUjf3FPFVn_nMVAA-NxxPhz3XXFvyDcM2QAExA5bm_8Iu5lJIvpQdIAdR90sEagDHJfuJPVrRsYJcpsFT3V1vmoBh1FDCW7YcSIjOzUcmzy_ukzHgEyzHUllIOAHUT2c9QHba_P6CDmfw?testcase_id=5063701385445376

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Mar 1 2017
Comment 1 by msrchandra@chromium.org, Feb 14 2017
Components: Internals>GPU>Rasterization
Labels: Test-Predator-Wrong-CLs
Owner: halcanary@chromium.org
Status: Assigned (was: Untriaged)