This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

reed/bsalomon: could you please help triage this? It looks like a crash in skia.

Thanks!

The following revision refers to this bug:
  https://skia.googlesource.com/skia/+/ab8e02a4dee79fc4300c5eec0fbbc44d07f433d3

commit ab8e02a4dee79fc4300c5eec0fbbc44d07f433d3
Author: Hal Canary <halcanary@google.com>
Date: Mon Feb 27 15:39:04 2017

SkGradientShader: Fix multi-byte-read-stack-use-after-scope

BUG= chromium:694098 
Change-Id: I9dfd61d1eed123fce33acf55f6f68e80ac41da25
Reviewed-on: https://skia-review.googlesource.com/8985
Reviewed-by: Leon Scroggins <scroggo@google.com>
Commit-Queue: Hal Canary <halcanary@google.com>

[modify] https://crrev.com/ab8e02a4dee79fc4300c5eec0fbbc44d07f433d3/src/effects/gradients/SkGradientShader.cpp

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/45d10534f79c3af0fbdc09ac4bae28137b3dd3a9

commit 45d10534f79c3af0fbdc09ac4bae28137b3dd3a9
Author: skia-deps-roller <skia-deps-roller@chromium.org>
Date: Mon Feb 27 16:58:45 2017

Roll src/third_party/skia/ 61b721c44..ab8e02a4d (2 commits).

https://skia.googlesource.com/skia.git/+log/61b721c449d0..ab8e02a4dee7

$ git log 61b721c44..ab8e02a4d --date=short --no-merges --format='%ad %ae %s'
2017-02-27 halcanary SkGradientShader: Fix multi-byte-read-stack-use-after-scope
2017-02-27 mtklein Drop SkRasterPipelineBench N to 15.

Created with:
  roll-dep src/third_party/skia
BUG= 694098 

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, see:
http://www.chromium.org/developers/tree-sheriffs/sheriff-details-chromium#TOC-Failures-due-to-DEPS-rolls

CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel
TBR=caryclark@google.com

Review-Url: https://codereview.chromium.org/2717363002
Cr-Commit-Position: refs/heads/master@{#453236}

[modify] https://crrev.com/45d10534f79c3af0fbdc09ac4bae28137b3dd3a9/DEPS

ClusterFuzz has detected this issue as fixed in range 453220:453249.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6364138411655168

Fuzzer: inferno_twister
Job Type: linux_asan_chrome_gpu
Platform Id: linux

Crash Type: Stack-use-after-scope READ 12
Crash Address: 0x7f34a854c330
Crash State:
  SkGradientShaderBase::commonAsAGradient
  SkTwoPointConicalGradient::asAGradient
  SkPDFShader::State::State
  
Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_gpu&range=445058:445150
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_gpu&range=453220:453249

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94sI0o5DofLXnuURf5EatiktiSq3cGGMTA4YelgJHtwXAiJwyzPd6C9q0ulqnfhlTPN54hgKgv6hmC_SB8-Ft7hbUhLD_j6dduiROgjW2QkpqvjeSRTZ1hqyGkXGMHS7DbzHTYVyoWOTcqYc9wGSp8mqbYCfoOGN4zVofNJGTAT6KIVHaWrB6fmn_sg8qjek0wjIMwp5AA6wf9P0QwQ46xI0ph-32EjFc9mEDyHDgOckJ1767Xmg8znVfLnuz4Apio-aTlF9CLjQ0qwshFsRCwI5oPYoN6m0nvoLLaQ8fWrtLFtpPGIGyJF1Nebc1P_-lNN-HUXo42OynY3Jy8hQXRujKoP1Q5IgHNx4TLwfbnDpwQ6ts61swTctO3554BPemxSmXH-nvaTLt_wcl7BpqW-lHzUlQ?testcase_id=6364138411655168


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 6364138411655168 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot