New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 710082 link

Starred by 1 user

Issue metadata

Status: Duplicate
Merged: issue 709941
Owner:
Closed: Apr 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: ----
Type: Bug-Security



Sign in to add a comment

Use-of-uninitialized-value in SkColorLookUpTable::interp3D

Project Member Reported by ClusterFuzz, Apr 10 2017

Issue description

Cc: msarett@chromium.org
Components: Internals>Skia
Owner: mtklein@chromium.org
Status: Assigned (was: Untriaged)
Might be related to  crbug.com/709941  (it's later on in the same method). Seems like there might not have been fuzz coverage of this code until now, which is a bit worrying. Is this active anywhere in chrome?
Mergedinto: 709941
Status: Duplicate (was: Assigned)
Yeah, let's dedup them for now.  Yes, this code is live in Chrome.  If you have an image with a fancy color profile, it runs.
Project Member

Comment 3 by ClusterFuzz, Apr 11 2017

ClusterFuzz has detected this issue as fixed in range 463254:463274.

Detailed report: https://clusterfuzz.com/testcase?key=5618607125168128

Fuzzer: libfuzzer_skia_color_space_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address: 
Crash State:
  SkColorLookUpTable::interp3D
  color_lookup_table
  run_program
  
Sanitizer: memory (MSAN)

Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=463237:463254
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=463254:463274

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv97nd18wqqMtuX3Fw-oBKIuHRaw8m65TeIrZX1r3fAX38hjF7oPY4sqyqapP-xkmiUZkgErAZkV71UtT2HDD40nPQ-4kylomL3diQEf3GQBNpes7I4mfq_b6lYIPDsd6kSN4bcTlWiTNU7HnajBlr9Q1lLsWaaOjstNc4eAn-pbrWCA7dSogi6_jV7WofLiVvGtJs9-_prCJCsgd1cdP7vdgmyEWOwE5WqYutKKrxK2l_s_CmD1kd8x5jE_WUG50k5nnfeDcLBDZ7CsrO8v8JFREePWCvn4cF_0OdFAnAbnw-0K_cMwsClr2xqwyBG3hSnC10FQ4fNwxTQBgiPufFVt9-wyb9bhFr8sq4uEpTQA5BUZMuk4?testcase_id=5618607125168128


See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 4 by sheriffbot@chromium.org, Jul 20 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment