Issue metadata
Direct-leak in sk_realloc_throw
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6335096992038912
Fuzzer: attekett_surku_fuzzer
Job Type: linux_lsan_chrome_mp
Platform Id: linux
Crash Type: Direct-leak
Crash Address:
Crash State:
  sk_realloc_throw
  reserve
  SkTextBlobBuilder::allocInternal
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_lsan_chrome_mp&range=464662:464726
Reproducer Testcase: https://clusterfuzz.com/download/AMIfv97ulh3odRVjuq-I0_NGpauKI3Ew_lkxBQ2MRnxcS8vEhNoz_aP9XLoulfiRWgxsO3VAHNWacFmBtdKTjnNr8fRk1GxApRg2shOByxgnaJQ4osZc3Ji1GNBgXl7j6z2B0qlW7UUHS4pxmplXWMYwanVk7LToUCkJidYINY05IXJV0cZ3np8XCC_ER8uOVSwVTbmink4iUYyPeI8QLNEScLZC7e-9GS0dLKPB4G98EjvHXTOW1ZLqj93AcbZsljSOoxnyx6OdRpPQxKc0QRdEq_G6ML9pMC7Ms3jx3HC7bxwiE8WEZV0N6XstQHsJzTL5-87I4DMqwGtgII2TzVsCydj6f0Kw2UCxh92iaV1W5gA2otMUbj0?testcase_id=6335096992038912
Additional requirements: Requires Gestures

Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Apr 17 2017
To Florin for a look...

Apr 18 2017
ClusterFuzz has detected this issue as fixed in range 465194:465207.

Detailed report: https://clusterfuzz.com/testcase?key=6335096992038912
Fuzzer: attekett_surku_fuzzer
Job Type: linux_lsan_chrome_mp
Platform Id: linux
Crash Type: Direct-leak
Crash Address:
Crash State:
  sk_realloc_throw
  reserve
  SkTextBlobBuilder::allocInternal
Sanitizer: address (ASAN)
Fixed: https://clusterfuzz.com/revisions?job=linux_lsan_chrome_mp&range=465194:465207
Reproducer Testcase: https://clusterfuzz.com/download/AMIfv97ulh3odRVjuq-I0_NGpauKI3Ew_lkxBQ2MRnxcS8vEhNoz_aP9XLoulfiRWgxsO3VAHNWacFmBtdKTjnNr8fRk1GxApRg2shOByxgnaJQ4osZc3Ji1GNBgXl7j6z2B0qlW7UUHS4pxmplXWMYwanVk7LToUCkJidYINY05IXJV0cZ3np8XCC_ER8uOVSwVTbmink4iUYyPeI8QLNEScLZC7e-9GS0dLKPB4G98EjvHXTOW1ZLqj93AcbZsljSOoxnyx6OdRpPQxKc0QRdEq_G6ML9pMC7Ms3jx3HC7bxwiE8WEZV0N6XstQHsJzTL5-87I4DMqwGtgII2TzVsCydj6f0Kw2UCxh92iaV1W5gA2otMUbj0?testcase_id=6335096992038912
Additional requirements: Requires Gestures

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Apr 18 2017
Can't repro at ToT. Nothing related changed in Skia recently, and neither did the Blink text paint code in that regression range. So I suspect the leak is at a higher level. https://codereview.chromium.org/2768143002/ looks like a good candidate in that range. It's also been reverted, so I triggered a progression task in CF and it found the leak fixed on revert. Assigning to enne@, to take a look before relanding.

Apr 18 2017
This seems like a very similar bug to issue 711964. I'd be really curious to know if there's some similar leak bugs in Skia or in SkPictureBuilder that were suddenly fixed and then unfixed.

Apr 18 2017
Not that I know of, but I agree this leak is kind of odd (requires gesture "key,ctrl+Q" - is that quitting the browser?).

Apr 18 2017
ClusterFuzz testcase 6335096992038912 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Apr 18 2017
@enne I think you're on our only other similar/in that space leak bug that's been filed recently: https://bugs.chromium.org/p/chromium/issues/detail?id=712038

Apr 20 2017
This is the same as 712038. The DrawTextBlobOp has text blob info with pointers, and it is lost due to alignment problems. I confirmed with the repro that 712038 fixes this.
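An added illustration of the failure class the comment above points at: an op stored in a flat buffer carries a ref-counted pointer, and a mismatch between how the writer pads ops and how the destructor walk steps over them means the op's destructor never runs, so the pointer is dropped without being released. LSan reports that as a direct leak because the only reference lived in the freed buffer memory. This is not Chromium's or Skia's code; OpBuffer, RectOp, TextBlobOp, Blob, the 8-byte alignment and the tag layout are all hypothetical stand-ins chosen for the demonstration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <memory>
#include <new>
#include <utility>
#include <vector>

// Hypothetical stand-in for a ref-counted text blob (not SkTextBlob).
struct Blob { int glyph_count; };

// Tag 0 matters: zero-filled padding bytes read back as a kRect tag.
enum OpType : uint32_t { kRect = 0, kTextBlob = 1 };

struct RectOp {                      // 20 bytes, 4-byte aligned: leaves 4 bytes of padding
  OpType type;
  float l, t, r, b;
  RectOp(float l_, float t_, float r_, float b_) : type(kRect), l(l_), t(t_), r(r_), b(b_) {}
};

struct TextBlobOp {                  // holds the pointer that must be released on destruction
  OpType type;
  std::shared_ptr<Blob> blob;
  explicit TextBlobOp(std::shared_ptr<Blob> b) : type(kTextBlob), blob(std::move(b)) {}
};

static_assert(sizeof(RectOp) == 20 && alignof(RectOp) == 4, "layout assumed by the walk below");
static_assert(alignof(TextBlobOp) == 8, "TextBlobOp must start on an 8-byte boundary");

constexpr size_t kAlign = 8;
constexpr size_t AlignUp(size_t n) { return (n + kAlign - 1) & ~(kAlign - 1); }

// Flat op buffer (hypothetical): ops are placement-new'd back to back and the
// writer always rounds each op's start up to kAlign. Whether the destructor
// walk applies the same rounding decides between a clean teardown and a leak.
class OpBuffer {
 public:
  explicit OpBuffer(bool aligned_walk) : aligned_walk_(aligned_walk), data_(256, 0) {}
  ~OpBuffer() { DestroyAll(); }
  OpBuffer(const OpBuffer&) = delete;
  OpBuffer& operator=(const OpBuffer&) = delete;

  template <typename Op, typename... Args>
  void Push(Args&&... args) {
    size_t start = AlignUp(used_);                 // writer pads to kAlign
    if (start + sizeof(Op) > data_.size()) throw std::bad_alloc();
    new (data_.data() + start) Op(std::forward<Args>(args)...);
    used_ = start + sizeof(Op);
    ++count_;
  }

 private:
  void DestroyAll() {
    size_t offset = 0;
    for (size_t i = 0; i < count_; ++i) {
      uint8_t* p = data_.data() + offset;
      size_t size = 0;
      switch (*reinterpret_cast<OpType*>(p)) {
        case kRect:
          reinterpret_cast<RectOp*>(p)->~RectOp();
          size = sizeof(RectOp);
          break;
        case kTextBlob:
          reinterpret_cast<TextBlobOp*>(p)->~TextBlobOp();
          size = sizeof(TextBlobOp);
          break;
        default:
          return;  // unknown tag: give up (not reached in the runs below)
      }
      // Buggy walk: step by the raw size. After the 20-byte RectOp the next
      // read lands on the 4 padding bytes, sees tag 0 (kRect), "destroys" a
      // phantom RectOp and never reaches the real TextBlobOp at offset 24.
      offset += aligned_walk_ ? AlignUp(size) : size;
    }
    count_ = 0;
  }

  bool aligned_walk_;
  std::vector<uint8_t> data_;
  size_t used_ = 0;
  size_t count_ = 0;
};

// Returns the blob's use_count after the buffer is gone: 1 means the
// TextBlobOp released its reference, 2 means the reference was lost (leak).
int RemainingRefsAfterTeardown(bool aligned_walk) {
  auto blob = std::make_shared<Blob>(Blob{42});
  {
    OpBuffer buf(aligned_walk);
    buf.Push<RectOp>(0.f, 0.f, 10.f, 10.f);   // bytes 0..19, padding 20..23
    buf.Push<TextBlobOp>(blob);               // bytes 24..47
  }
  return static_cast<int>(blob.use_count());
}

int main() {
  std::printf("unaligned walk: use_count=%d (reference lost)\n", RemainingRefsAfterTeardown(false));
  std::printf("aligned walk:   use_count=%d (released)\n", RemainingRefsAfterTeardown(true));
  return 0;
}
```

The check that catches this without a sanitizer is the one the helper performs: hold an outside reference to the payload, tear the buffer down, and assert the count dropped back to one. Under LSan the unaligned run shows up as a direct leak of the Blob and its control block, with no visible crash, which is the same shape as the report at the top of this issue.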
Comment 1 by msrchandra@chromium.org, Apr 17 2017
Labels: M-60 Test-Predator-Wrong-CLs