Heap-use-after-free in CFX_ClipRgn::IntersectMaskRect |
|||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=4604072918515712 Fuzzer: ochang_neurofuzz_borgfuzz Job Type: windows_asan_chrome Platform Id: windows Crash Type: Heap-use-after-free READ 1 Crash Address: 0x08b216a8 Crash State: CFX_ClipRgn::IntersectMaskRect CFX_ClipRgn::IntersectRect CFX_AggDeviceDriver::SetClip_PathFill Sanitizer: address (ASAN) Recommended Security Severity: High Regressed: https://clusterfuzz.com/revisions?job=windows_asan_chrome&range=460152:460191 Reproducer Testcase: https://clusterfuzz.com/download/AMIfv972WOTGBtW-pW7JX1ME77cpriKuYH7QccNZac-KohGWUE2Ezm35vzCDdiQrQ5BEf8yMhkAHLympQKpSl4N7KApnb7B6pxKgxLFD4flfMB6-zWqPPmxKCRwXSUFqCQc7IvJ5h3X2ZUP9Jr_958Ivv4sN_P979pgniLmnBTt7gBoNOzR8prKWmVYB9JcY0_ereS7qNbRne81L2-Qh4F-W-cCukjGia1utykpWu6tFYValxrNAalY5DXDl4BbL2iR1uXZXKeNkPocFqIv04Cg0ZwSm-66mFv6Wl1vDt1hMHrygQyRJSxHQjA3o5gGTsvPaJmUeEQhsgWKzVmwDRQXVoxU9IGtWf4XCddZoYGyTUD8FRpWwQvbzc0YrrHe_JaS8UY3NE6pt9GhZuhbKMjY_S6QCK3AIhA?testcase_id=4604072918515712 Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Apr 19 2017
,
Apr 19 2017
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Apr 19 2017
https://bugs.chromium.org/p/chromium/issues/detail?id=706346 should have fixed this issue -- is CF reporting old issues for some reason ?
,
Apr 19 2017
ClusterFuzz has detected this issue as fixed in range 460191:460218. Detailed report: https://clusterfuzz.com/testcase?key=4604072918515712 Fuzzer: ochang_neurofuzz_borgfuzz Job Type: windows_asan_chrome Platform Id: windows Crash Type: Heap-use-after-free READ 1 Crash Address: 0x08b216a8 Crash State: CFX_ClipRgn::IntersectMaskRect CFX_ClipRgn::IntersectRect CFX_AggDeviceDriver::SetClip_PathFill Sanitizer: address (ASAN) Recommended Security Severity: High Regressed: https://clusterfuzz.com/revisions?job=windows_asan_chrome&range=460152:460191 Fixed: https://clusterfuzz.com/revisions?job=windows_asan_chrome&range=460191:460218 Reproducer Testcase: https://clusterfuzz.com/download/AMIfv972WOTGBtW-pW7JX1ME77cpriKuYH7QccNZac-KohGWUE2Ezm35vzCDdiQrQ5BEf8yMhkAHLympQKpSl4N7KApnb7B6pxKgxLFD4flfMB6-zWqPPmxKCRwXSUFqCQc7IvJ5h3X2ZUP9Jr_958Ivv4sN_P979pgniLmnBTt7gBoNOzR8prKWmVYB9JcY0_ereS7qNbRne81L2-Qh4F-W-cCukjGia1utykpWu6tFYValxrNAalY5DXDl4BbL2iR1uXZXKeNkPocFqIv04Cg0ZwSm-66mFv6Wl1vDt1hMHrygQyRJSxHQjA3o5gGTsvPaJmUeEQhsgWKzVmwDRQXVoxU9IGtWf4XCddZoYGyTUD8FRpWwQvbzc0YrrHe_JaS8UY3NE6pt9GhZuhbKMjY_S6QCK3AIhA?testcase_id=4604072918515712 See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Apr 19 2017
ClusterFuzz testcase 4604072918515712 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Apr 20 2017
,
Apr 20 2017
,
Jul 27 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||
►
Sign in to add a comment |
|||||||
Comment 1 by ClusterFuzz
, Apr 18 2017