New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 727336 link

Starred by 1 user
Status: WontFix
Owner:
reed@chromium.org
Email to this user bounced
Closed: Sep 2017
Cc:
ifratric@google.com
ranjitkan@chromium.org
reed@google.com
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug-Regression



Sign in to add a comment

Integer-overflow in XRect_roundOut

Project Member Reported by ClusterFuzz, May 29 2017 
Detailed report: https://clusterfuzz.com/testcase?key=5982718201692160

Fuzzer: ifratric-browserfuzzer-v3
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  XRect_roundOut
  SkScan::AntiFillXRect
  aa_square_proc
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=456626:457730

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5982718201692160


Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by ranjitkan@chromium.org, May 31 2017

Cc: ranjitkan@chromium.org reed@google.com
Labels: -Type-Bug Test-Predator-Correct-CLs Type-Bug-Regression
Owner: reed@chromium.org
Status: Assigned (was: Untriaged)
Assigning to the concern owner from Predator results --
The result is a list of CL's that change the crashed files. 

Author: Mike Reed
Project: chromium-skia
Changelist: https://skia.googlesource.com/skia.git/+/a1361364e64138adda3dc5f71d50d7503838bb6d
Time: Tue Mar 07 09:37:29 2017 -0500
The CL last changed line 202 of file SkBitmapDevice.cpp, which is stack frame 5. 

@Mike Reed: Could you please look into the issue, kindly re-assign if this is not related to your changes.
Thank You.

Comment 2 by ranjitkan@chromium.org, May 31 2017

Labels: M-61
Project Member

Comment 3 by ClusterFuzz, Sep 23 2017

Status: WontFix (was: Assigned)
ClusterFuzz testcase 5982718201692160 is flaky and no longer crashes, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Sign in to add a comment