For more information, please see https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md.

The link referenced in the description is no longer valid.

(bulk edit)

Apologies for delay here- we (I) am pretty behind on P2 triage with the influx we've had of P1s the past few months... to Cary for a look as he has time.

Chris, any ideas why normalize_t_s might shift by -1 here?

I'm confused. Line 575 reads as:

  norm.bits = expNorm << 52;

https://skia.googlesource.com/skia/+/2d8d196318a62f1985fc313395695b7c92a6af0f/src/core/SkGeometry.cpp#575

Which is definitely not -1. Are we possibly producing invalid doubles, which are then implemented in software and causing a shift by -1?

Maybe this is relevant? 

"it's undefined behavior to read from the member of the union that wasn't most recently written"  http://en.cppreference.com/w/cpp/language/union

To stay within the standard, you have to use memcpy()

The assigned owner "csmartdalton@chromium.org" is not able to receive e-mails, please re-triage.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Automatically assigning owner based on suspected regression changelist https://skia.googlesource.com/skia/+/91982ee8d92a80193915d59760e2ba9ce6f46989 (Fix SkClassifyCubic for near-quadratics).

If this is incorrect, please remove the owner and apply the Test-Predator-Wrong-CLs label.

The following revision refers to this bug:
  https://skia.googlesource.com/skia/+/4dbdc677affd61309f1da173096089fdd20219b3

commit 4dbdc677affd61309f1da173096089fdd20219b3
Author: Chris Dalton <csmartdalton@google.com>
Date: Tue Oct 31 22:05:16 2017

Fix undefined behavior in normalize_t_s

BUG= chromium:743617 

Change-Id: I00ad3103cdd5b7d2eac3b6827a3c2932009042a9
Reviewed-on: https://skia-review.googlesource.com/65860
Reviewed-by: Cary Clark <caryclark@google.com>
Commit-Queue: Chris Dalton <csmartdalton@google.com>

[modify] https://crrev.com/4dbdc677affd61309f1da173096089fdd20219b3/src/core/SkGeometry.cpp

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/17a37fcec9ee6b63805fdd99214045ea618ef131

commit 17a37fcec9ee6b63805fdd99214045ea618ef131
Author: skia-deps-roller@chromium.org <skia-deps-roller@chromium.org>
Date: Wed Nov 01 00:17:30 2017

Roll src/third_party/skia/ 90dabec62..4dbdc677a (23 commits)

https://skia.googlesource.com/skia.git/+log/90dabec62f9b..4dbdc677affd

$ git log 90dabec62..4dbdc677a --date=short --no-merges --format='%ad %ae %s'
2017-10-31 csmartdalton Fix undefined behavior in normalize_t_s
2017-10-31 csmartdalton Allow GrAppliedClip to have >1 clip coverage FP
2017-10-25 mtklein Some lowp refactoring
2017-10-31 angle-deps-roller Roll skia/third_party/externals/angle2/ b8ee9dd35..c1f14fbea (1 commit)
2017-10-31 brianosman Use color filter to undo GBR (actually BRG)
2017-10-31 mtklein Revert "Fix int overflow issues with clip and path bounds."
2017-10-31 caryclark cataloger
2017-10-31 bsalomon Devirtualized token management in GrDeferredUploadTarget.
2017-10-31 angle-deps-roller Roll skia/third_party/externals/angle2/ 1b605ee34..b8ee9dd35 (1 commit)
2017-10-31 kjlubick Add Pixel 2 XL to waterfall
2017-10-25 mtklein clean up SK_LEGACY_LOWP_STAGES
2017-10-31 bsalomon Make deferred upload handling and draw recording be virtual interfaces implemented by GrOpFlushState.
2017-10-31 scroggo Simplify SkColorSpace::MakeICC
2017-10-31 bungeman Remove SK_IGNORE_SUBPIXEL_HINTING_FIX.
2017-10-31 fmalita Don't store legacy colors in gradient shaders
2017-10-31 mtklein Revert "gbr- has been brg- this whole time..."
2017-10-31 robertphillips Add a GM to test out odd matrix draws (take 2)
2017-10-31 angle-deps-roller Roll skia/third_party/externals/angle2/ 2c5c41f9b..1b605ee34 (1 commit)
2017-10-31 mtklein gbr- has been brg- this whole time...
2017-10-31 jvanverth Fix int overflow issues with clip and path bounds.
2017-10-31 robertphillips Revert "Add a GM to test out odd matrix draws"
2017-10-31 angle-deps-roller Roll skia/third_party/externals/angle2/ d922775b6..2c5c41f9b (1 commit)
2017-10-31 mtklein update valgrind suppressions for revised keepalive thread

Created with:
  roll-dep src/third_party/skia
BUG= 743617 , 779346 


The AutoRoll server is located here: https://autoroll.skia.org

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, please contact the current sheriff, who should
be CC'd on the roll, and stop the roller if necessary.


CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel;master.tryserver.chromium.android:android_optional_gpu_tests_rel
TBR=stani@chromium.org

Change-Id: I6c60d600f1b6ac2555e482e37465f2220492326a
Reviewed-on: https://chromium-review.googlesource.com/747886
Reviewed-by: Skia Deps Roller <skia-deps-roller@chromium.org>
Commit-Queue: Skia Deps Roller <skia-deps-roller@chromium.org>
Cr-Commit-Position: refs/heads/master@{#513017}
[modify] https://crrev.com/17a37fcec9ee6b63805fdd99214045ea618ef131/DEPS

ClusterFuzz testcase 6331420984475648 is still reproducing on tip-of-tree build (trunk).

Please re-test your fix against this testcase and if the fix was incorrect or incomplete, please re-open the bug. Otherwise, ignore this notification and add ClusterFuzz-Wrong label.

The following revision refers to this bug:
  https://skia.googlesource.com/skia/+/fc31be40cede4dfd5b06ecaffb551b06aea85693

commit fc31be40cede4dfd5b06ecaffb551b06aea85693
Author: Chris Dalton <csmartdalton@google.com>
Date: Thu Nov 09 16:08:44 2017

Harden SkClassifyCubic

BUG= chromium:743617 
Change-Id: Idfb89832b48ebd60fd9109cd526bdd5cd5931ada
Reviewed-on: https://skia-review.googlesource.com/68980
Reviewed-by: Cary Clark <caryclark@google.com>
Commit-Queue: Chris Dalton <csmartdalton@google.com>

[modify] https://crrev.com/fc31be40cede4dfd5b06ecaffb551b06aea85693/tests/GeometryTest.cpp
[modify] https://crrev.com/fc31be40cede4dfd5b06ecaffb551b06aea85693/src/core/SkGeometry.h
[modify] https://crrev.com/fc31be40cede4dfd5b06ecaffb551b06aea85693/src/core/SkGeometry.cpp

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/936f7f2e4235cce3d05b9a31a223fd40ee978f52

commit 936f7f2e4235cce3d05b9a31a223fd40ee978f52
Author: skia-deps-roller@chromium.org <skia-deps-roller@chromium.org>
Date: Thu Nov 09 19:25:02 2017

Roll src/third_party/skia/ 11691efe9..0d8766c84 (9 commits)

https://skia.googlesource.com/skia.git/+log/11691efe9d7d..0d8766c84c80

$ git log 11691efe9..0d8766c84 --date=short --no-merges --format='%ad %ae %s'
2017-11-09 reed Remove MakeForLocalSpace since picture image is sufficient
2017-11-09 herb Remove dead code for the incorrect handling of small radii blurs.
2017-11-08 csmartdalton Harden SkClassifyCubic
2017-11-09 brianosman Allow changing the transfer function in xform canvas mode
2017-11-09 angle-deps-roller Roll skia/third_party/externals/angle2/ 3ef06a9f8..70b715c9b (1 commit)
2017-11-09 liyuqian Compute more accurate containedInClip
2017-11-08 fmalita Simplify analytical GPU gradient impls
2017-11-09 angle-deps-roller Roll skia/third_party/externals/angle2/ 0e8831341..3ef06a9f8 (1 commit)
2017-11-08 robertphillips Remove destination pointer from GrCopySurfaceOp

Created with:
  roll-dep src/third_party/skia
BUG= 743617 


The AutoRoll server is located here: https://autoroll.skia.org

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, please contact the current sheriff, who should
be CC'd on the roll, and stop the roller if necessary.


CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel
TBR=egdaniel@chromium.org

Change-Id: I76f4dce6fd78c1df531cef14d4a510a937e63779
Reviewed-on: https://chromium-review.googlesource.com/760665
Reviewed-by: Skia Deps Roller <skia-deps-roller@chromium.org>
Commit-Queue: Skia Deps Roller <skia-deps-roller@chromium.org>
Cr-Commit-Position: refs/heads/master@{#515238}
[modify] https://crrev.com/936f7f2e4235cce3d05b9a31a223fd40ee978f52/DEPS

ClusterFuzz has detected this issue as fixed in range 515212:515249.

Detailed report: https://clusterfuzz.com/testcase?key=6331420984475648

Fuzzer: libFuzzer_skia_pathop_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Undefined-shift
Crash Address: 
Crash State:
  normalize_t_s
  classify_cubic
  SkClassifyCubic
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=486952:486977
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=515212:515249

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6331420984475648

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 6331420984475648 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.