Crash in blink::ImageBitmap::ImageBitmap |
|||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=4648560768581632 Fuzzer: ochang_domfuzzer Job Type: linux_asan_chrome_mp Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x000000000000 Crash State: blink::ImageBitmap::ImageBitmap blink::ImageBitmap::create blink::HTMLCanvasElement::createImageBitmap Sanitizer: address (ASAN) Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=431896:432166 Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95SgfTDTEpLo_x6Po-vsS8MW9HTDGP2l1xdps5N98GZzp2p9PuAdB4KiuaPJTDz-yw-u7FaRyZV_Goht_Zzxl3LeXJM00rsCmVP4mVa3ff1wgUfC3hQavK2oGzeh8xisBbMgeefZ9UsBtSma8q1_2YZv0tdkaEeTh1yDD5UjS6Hf047mWGWqj4-ds1oY6qyn0a9uPwIQgI_U8HMGqHfo21i8IWT08BnJ5yHE_DvjTXYmj9mYUd09hYl_WRuMRRdcVxxu008oE_z18DQNOgjxkfjd5ylgTvq9ijS349OEWbRVEBNTFWZQi03oSNohdQEZyN3Eq7CFiemxqHN3xiQvJQnL06WWddiF4jkFBrWcyf8KWiGLQs?testcase_id=4648560768581632 Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Mar 8 2017
I'm restructuring color management for ImageBitmap and ImageData in another CL. I'll try to fix this at the same time if it was not fixed automatically.
,
Mar 8 2017
As I see the source of the problem is that ImageBitmap::isSourceSizeValid() does not put a constraint on the size of the image bitmap that can be created. Justin must have a better insight.
,
Mar 9 2017
ClusterFuzz has detected this issue as fixed in range 455091:455394. Detailed report: https://clusterfuzz.com/testcase?key=4648560768581632 Fuzzer: ochang_domfuzzer Job Type: linux_asan_chrome_mp Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x000000000000 Crash State: blink::ImageBitmap::ImageBitmap blink::ImageBitmap::create blink::HTMLCanvasElement::createImageBitmap Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_mp&range=431896:432166 Fixed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_mp&range=455091:455394 Reproducer Testcase: https://clusterfuzz.com/download/AMIfv95SgfTDTEpLo_x6Po-vsS8MW9HTDGP2l1xdps5N98GZzp2p9PuAdB4KiuaPJTDz-yw-u7FaRyZV_Goht_Zzxl3LeXJM00rsCmVP4mVa3ff1wgUfC3hQavK2oGzeh8xisBbMgeefZ9UsBtSma8q1_2YZv0tdkaEeTh1yDD5UjS6Hf047mWGWqj4-ds1oY6qyn0a9uPwIQgI_U8HMGqHfo21i8IWT08BnJ5yHE_DvjTXYmj9mYUd09hYl_WRuMRRdcVxxu008oE_z18DQNOgjxkfjd5ylgTvq9ijS349OEWbRVEBNTFWZQi03oSNohdQEZyN3Eq7CFiemxqHN3xiQvJQnL06WWddiF4jkFBrWcyf8KWiGLQs?testcase_id=4648560768581632 See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Mar 9 2017
ClusterFuzz testcase 4648560768581632 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue. |
|||
►
Sign in to add a comment |
|||
Comment 1 by durga.behera@chromium.org
, Mar 8 2017Labels: Test-Predator-Wrong-CLs M-57
Owner: zakerinasab@chromium.org
Status: Assigned (was: Untriaged)