Issue 695536 link

Issue metadata

Status: Duplicate
Merged: issue 647121
Owner:
Closed: Feb 2017
Cc:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: ----
Type: Bug-Security



Use-of-uninitialized-value in sse41::blit_row_s32a_opaque

Project Member Reported by ClusterFuzz, Feb 23 2017

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6678849309114368

Fuzzer: ifratric-browserfuzzer-v3
Job Type: linux_msan_chrome
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address: 
Crash State:
  sse41::blit_row_s32a_opaque
  SkARGB32_Shader_Blitter::blitRect
  SkScan::FillIRect
  
Sanitizer: memory (MSAN)

Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_msan_chrome&range=422899:423265

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv955HbD-aTkIaaMyvRyjNhUwEFtpG_yPeRcnpd8prmDrK9gTzzRiBhjkCTJHGNrd6Gxu5sQH9wMl95As5PK-FEiXd7pE7VQE0a5T1L0o_E6MVDUl5RA7TW_aF9oz3W-cXD5ImsONMPSc-h7e9NTGXgVmmn4oUQ?testcase_id=6678849309114368


Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Owner: mtklein@chromium.org
Status: Assigned (was: Untriaged)
mtklein@ can you please take a look or assign this to someone who can? Thank you.
Mergedinto: 647121
Status: Duplicate (was: Assigned)
Project Member

Comment 3 by ClusterFuzz, Apr 18 2017

ClusterFuzz has detected this issue as fixed in range 464942:464964.

Detailed report: https://clusterfuzz.com/testcase?key=6678849309114368

Fuzzer: ifratric-browserfuzzer-v3
Job Type: linux_msan_chrome
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address: 
Crash State:
  sse41::blit_row_s32a_opaque
  SkARGB32_Shader_Blitter::blitRect
  SkScan::FillIRect
  
Sanitizer: memory (MSAN)

Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=linux_msan_chrome&range=422899:423265
Fixed: https://clusterfuzz.com/revisions?job=linux_msan_chrome&range=464942:464964

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv955HbD-aTkIaaMyvRyjNhUwEFtpG_yPeRcnpd8prmDrK9gTzzRiBhjkCTJHGNrd6Gxu5sQH9wMl95As5PK-FEiXd7pE7VQE0a5T1L0o_E6MVDUl5RA7TW_aF9oz3W-cXD5ImsONMPSc-h7e9NTGXgVmmn4oUQ?testcase_id=6678849309114368


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 4 by sheriffbot@chromium.org, Jun 2 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
