New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 714431 link

Starred by 1 user
Status: Duplicate
Merged: issue 713332
Owner:
jaydasika@chromium.org
Last visit > 30 days ago
Closed: Apr 2017
Cc:
ajuma@chromium.org
sunxd@chromium.org
msrchandra@chromium.org
mac-bugs-priority@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 1
Type: Bug



Sign in to add a comment

Crash in cc::RenderPass::CreateAndAppendSharedQuadState

Project Member Reported by ClusterFuzz, Apr 23 2017 
Detailed report: https://clusterfuzz.com/testcase?key=5792551589380096

Fuzzer: inferno_layout_test_unmodified
Job Type: mac_asan_chrome
Platform Id: mac

Crash Type: UNKNOWN READ
Crash Address: 0x000000000118
Crash State:
  cc::RenderPass::CreateAndAppendSharedQuadState
  cc::RenderSurfaceImpl::AppendQuads
  cc::LayerTreeHostImpl::CalculateRenderPasses
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=458746:463137

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5792551589380096


Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by msrchandra@chromium.org, Apr 24 2017

Cc: msrchandra@chromium.org
Components: Internals>Compositing
Labels: M-60 Test-Predator-Correct-CLs
Owner: sunxd@chromium.org
Status: Assigned (was: Untriaged)
Assigning to the concern owner from Predator results --
The result is a list of CLs that change the crashed files. 

Author: sunxd
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/bb0b3ae9224e1883dd491b6b6810b6bfe0da8480
Time: Wed Apr 05 21:13:20 2017
Lines 402-405 of file render_surface_impl.cc which potentially caused crash are changed in this cl (frame #4, "cc::RenderSurfaceImpl::AppendQuads").
Minimum distance from crash line to modified line: 0. (file: render_surface_impl.cc, crashed on: 402, modified: 402). 

Author: ajuma
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/95621958b771f10bac0a7690cdbc6f610573e8a1
Time: Tue Apr 04 19:58:14 2017
Lines 911, 917-918, 926-938 of file layer_tree_host_impl.cc which potentially caused crash are changed in this cl (frame #5, "cc::LayerTreeHostImpl::CalculateRenderPasses"). 

File render_surface_impl.cc is changed in this cl (and is part of stack frame #4, "cc::RenderSurfaceImpl::AppendQuads")
Minimum distance from crash line to modified line: 0. (file: layer_tree_host_impl.cc, crashed on: 911, modified: 911).

@sunxd -- Could you please look into the issue, kindly re-assign if this is not related to your changes.
Thank You.

Comment 2 by sunxd@chromium.org, Apr 24 2017

Cc: sunxd@chromium.org
Owner: jaydasika@chromium.org
I believe it's the same issue as  crbug.com/713332 . jaydasika@, can you please take a look at this issue?

Comment 3 by jaydasika@chromium.org, Apr 24 2017

Mergedinto: 713332
Status: Duplicate (was: Assigned)
Project Member

Comment 4 by ClusterFuzz, Apr 29 2017 

ClusterFuzz has detected this issue as fixed in range 468133:468190.

Detailed report: https://clusterfuzz.com/testcase?key=5792551589380096

Fuzzer: inferno_layout_test_unmodified
Job Type: mac_asan_chrome
Platform Id: mac

Crash Type: UNKNOWN READ
Crash Address: 0x000000000118
Crash State:
  cc::RenderPass::CreateAndAppendSharedQuadState
  cc::RenderSurfaceImpl::AppendQuads
  cc::LayerTreeHostImpl::CalculateRenderPasses
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=458746:463137
Fixed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=468133:468190

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5792551589380096


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 5 by jaydasika@chromium.org, May 1 2017

Cc: ajuma@chromium.org
This was fixed by https://codereview.chromium.org/2834123002/

Sign in to add a comment