
Issue 700324 link

Starred by 2 users

Issue metadata

Status: Verified
Owner:
Closed: Apr 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug




Integer-overflow in aa_square_proc

Project Member Reported by ClusterFuzz, Mar 10 2017

Issue description

Components: Internals>Skia
Labels: Test-Predator-Correct-CLs M-59
Owner: reed@chromium.org
Status: Assigned (was: Untriaged)
Find it result:
=================
Git blame below is NOT necessarily who introduced the crash nor the owner for it. Please check the code before assigning to anyone. (No CL in the regression range changed the crashing files.)

Author: reed@android.com
Project: chromium-skia
Changelist: https://skia.googlesource.com/skia.git/+/8a1c16ff38322f0210116fa7293eb8817c7e477e
Time: Wed Dec 17 15:59:43 2008 +0000
The CL last changed line 411 of file SkDraw.cpp, which is stack frame 0. 

Author: reed@android.com
Project: chromium-skia
Changelist: https://skia.googlesource.com/skia.git/+/8a1c16ff38322f0210116fa7293eb8817c7e477e
Time: Wed Dec 17 15:59:43 2008 +0000
The CL last changed line 552 of file SkDraw.cpp, which is stack frame 1. 

Author: robertphillips@google.com
Project: chromium-skia
Changelist: https://skia.googlesource.com/skia.git/+/6d87557278052c131957e5d6e093d3a675162d22
Time: Mon Dec 17 18:56:29 2012 +0000
The CL last changed line 656 of file SkDraw.cpp, which is stack frame 2. 

Author: Mike Reed
Project: chromium-skia
Changelist: https://skia.googlesource.com/skia.git/+/a1361364e64138adda3dc5f71d50d7503838bb6d
Time: Tue Mar 07 09:37:29 2017 -0500
The CL last changed line 212 of file SkBitmapDevice.cpp, which is stack frame 3. 

Author: Mike Reed
Project: chromium-skia
Changelist: https://skia.googlesource.com/skia.git/+/a1361364e64138adda3dc5f71d50d7503838bb6d
Time: Tue Mar 07 09:37:29 2017 -0500
The CL last changed line 1996 of file SkCanvas.cpp, which is stack frame 4. 

Author: mtklein
Project: chromium-skia
Changelist: https://skia.googlesource.com/skia.git/+/343a63d082bda969d7e8a4e09ba850e931185269
Time: Tue Mar 22 11:46:53 2016 -0700
The CL last changed line 51 of file SkRecordDraw.cpp, which is stack frame 5. 

Author: mtklein
Project: chromium-skia
Changelist: https://skia.googlesource.com/skia.git/+/9db912c2ac2ab53bc24f2d50a3e5a80162051dcc
Time: Tue May 19 11:11:26 2015 -0700
The CL last changed line 33 of file SkBigPicture.cpp, which is stack frame 6.
================================
Possible suspect from the above CL list of find it.
Reviewed-on: https://skia-review.googlesource.com/9341
reed@: Could you please take a look into this if it's related to your change.
Comment 2 by ClusterFuzz (Project Member), Apr 28 2017

ClusterFuzz has detected this issue as fixed in range 467574:467606.

Detailed report: https://clusterfuzz.com/testcase?key=6081380783226880

Fuzzer: ifratric-browserfuzzer-v3
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  aa_square_proc
  SkDraw::drawPoints
  SkDraw::drawPoints
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=449941:449957
Fixed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=467574:467606

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6081380783226880


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 3 by ClusterFuzz (Project Member), Apr 28 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 6081380783226880 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
