This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Suspecting https://chromium.googlesource.com/skia/+/fe53e5828fd31326cdc4594ca06435eb0af50afe%5E%21/#F0

ethannicholas@: Can you please take a look or reassign as appropriate? Thanks.

ethannicholas: Friendly ping as part of the security fixit week.

I believe this will be fixed by https://skia-review.googlesource.com/c/15383/.

ClusterFuzz has detected this issue as fixed in range 469656:469727.

Detailed report: https://clusterfuzz.com/testcase?key=5143412983726080

Fuzzer: attekett_dom_fuzzer
Job Type: linux_asan_chrome_media
Platform Id: linux

Crash Type: Container-overflow READ 4
Crash Address: 0x61000006be40
Crash State:
  SkSL::Compiler::addDefinitions
  SkSL::Compiler::scanCFG
  SkSL::Compiler::internalConvertProgram
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_media&range=468030:468089
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_media&range=469656:469727

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5143412983726080


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Nice one attekett! The panel decided to award $1,000 for this, plus the $500 clusterfuzz bonus.

However, they would consider raising the reward if you could demonstrate how it could be used.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot