
Issue 714374 link

Starred by 1 user

Issue metadata

Status: WontFix
Owner:
Last visit > 30 days ago
Closed: Apr 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug-Security




Use-of-uninitialized-value in parametric

Project Member Reported by ClusterFuzz, Apr 22 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5964805950406656

Fuzzer: libfuzzer_skia_color_space_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address: 
Crash State:
  parametric
  parametric_g
  color_lookup_table
Sanitizer: memory (MSAN)

Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=465908:465939

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5964805950406656


Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

Comment 1 by sheriffbot@chromium.org (Project Member), Apr 22 2017

Labels: M-59
Comment 2 by sheriffbot@chromium.org (Project Member), Apr 22 2017

Labels: ReleaseBlock-Beta
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 3 by sheriffbot@chromium.org (Project Member), Apr 22 2017

Labels: Pri-1
Comment 4 by sheriffbot@chromium.org (Project Member), Apr 23 2017

Labels: -Security_Impact-Head Security_Impact-Beta

Comment 5 by mea...@chromium.org, Apr 25 2017

Components: Internals>Skia
Owner: hcm@chromium.org
Status: Assigned (was: Untriaged)
hcm: Can you please reassign as appropriate? Thanks.

Comment 6 by gov...@chromium.org, Apr 25 2017

A friendly reminder that M59 Beta launch is coming soon! Your bug is labelled as Release Block Beta. All fixes need to be merged into the release branch (3071) latest by tomorrow, 04/26 4:00 PM PT in order to make it into the desktop Beta final build cut. Thank you!

Comment 7 by hcm@chromium.org, Apr 25 2017

Cc: hcm@google.com
Owner: msarett@chromium.org
Cc: msarett@chromium.org
Owner: mtklein@chromium.org
Cc: -msarett@chromium.org mtklein@chromium.org
Owner: msarett@chromium.org
Looks like the old code path, which I've deleted for M60.  Don't see any Skia change in the regressed list, so I think it's just that the new fuzzer has found a latent bug.
Status: WontFix (was: Assigned)
I've tried ToT, and I've synced back to m59 - can't reproduce on either.  The fuzz report also lists this as "not reproducible".  Not sure what to do with that.
Comment 12 by sheriffbot@chromium.org (Project Member), Aug 2 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot