Issue metadata

Use-of-uninitialized-value in approx_log2
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5181047238295552

Fuzzer: libfuzzer_skia_color_space_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  approx_log2
  approx_powf
  parametric

Sanitizer: memory (MSAN)

Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=468569:468582

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5181047238295552

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
May 3 2017
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
May 3 2017

May 3 2017
msarett, could you please take a look, or help get this assigned to the right person? thanks!
May 4 2017

May 5 2017

May 5 2017
If it's approx_log2() yelling, that's uninitialized color data. Gamma never goes through approx_log2(). From the stack, it looks like the green channel. #6 0x73d82d in sk_callback ... could only be a color lookup table. Think we looked up a bad green?
May 5 2017
Yeah sorry, this is the fix: https://skia-review.googlesource.com/c/15301/ Was CCing you for context.
May 5 2017
The following revision refers to this bug: https://skia.googlesource.com/skia/+/9d687dfa3e341bc4bae7806b6e3262ae3d441889

commit 9d687dfa3e341bc4bae7806b6e3262ae3d441889
Author: Matt Sarett <msarett@google.com>
Date: Fri May 05 15:18:03 2017

Avoid interpolating color lut with less than 2 points

Bug: 717935
Change-Id: Ibf15b815891eef5a0239bc408bcbfe7c8b1507c5
Reviewed-on: https://skia-review.googlesource.com/15301
Commit-Queue: Matt Sarett <msarett@google.com>
Reviewed-by: Mike Klein <mtklein@chromium.org>

[modify] https://crrev.com/9d687dfa3e341bc4bae7806b6e3262ae3d441889/tests/ColorSpaceTest.cpp
[add] https://crrev.com/9d687dfa3e341bc4bae7806b6e3262ae3d441889/resources/icc_profiles/invalid_color_lut.icc
[modify] https://crrev.com/9d687dfa3e341bc4bae7806b6e3262ae3d441889/src/core/SkColorSpace_ICC.cpp
[modify] https://crrev.com/9d687dfa3e341bc4bae7806b6e3262ae3d441889/src/core/SkColorLookUpTable.h
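The defect class and the check named in the commit title above, as an added example that is not Skia's own code: a hypothetical one-dimensional colour LUT whose parser rejects tables with fewer than two grid points, so linear interpolation never touches a table entry that was never filled in. The names (`ColorLut`, `parseLut`, `lookup`) and the 1-D layout are assumptions for illustration; a real ICC CLUT is multi-dimensional, but the grid-point rule is the same.

```cpp
// Added example (not Skia's code). Constructed 1-D colour lookup table
// with the validation the fix describes: at least two grid points.
#include <cassert>
#include <cmath>
#include <cstddef>
#include <vector>

struct ColorLut {
    // Output values sampled at evenly spaced inputs over [0, 1].
    std::vector<float> points;
};

// Build a LUT from raw profile data. Interpolation needs a pair of
// bracketing points, so a grid with 0 or 1 points is rejected here
// rather than letting lookup() read an entry that does not exist
// (the kind of read MSan flagged as use-of-uninitialized-value).
bool parseLut(const std::vector<float>& raw, size_t gridPoints, ColorLut* out) {
    if (gridPoints < 2) return false;           // nothing to interpolate between
    if (raw.size() < gridPoints) return false;  // table truncated
    out->points.assign(raw.begin(), raw.begin() + gridPoints);
    return true;
}

// Linear interpolation between the two grid points that bracket x.
// Only valid for tables that passed parseLut().
float lookup(const ColorLut& lut, float x) {
    const size_t n = lut.points.size();
    assert(n >= 2);
    x = std::fmin(std::fmax(x, 0.0f), 1.0f);    // clamp input to the table's domain
    const float pos = x * static_cast<float>(n - 1);
    size_t lo = static_cast<size_t>(pos);
    if (lo >= n - 1) lo = n - 2;                 // keep hi = lo + 1 inside the table
    const size_t hi = lo + 1;
    const float t = pos - static_cast<float>(lo);
    return lut.points[lo] * (1.0f - t) + lut.points[hi] * t;
}
```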
May 5 2017

May 6 2017
ClusterFuzz has detected this issue as fixed in range 469678:469725.

Detailed report: https://clusterfuzz.com/testcase?key=5181047238295552

Fuzzer: libfuzzer_skia_color_space_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  approx_log2
  approx_powf
  parametric

Sanitizer: memory (MSAN)

Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=468569:468582
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=469678:469725

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5181047238295552

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
May 6 2017

May 18 2017

Aug 12 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot