Crash in PaintOpReader::Read(PaintShader)

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6308940739772416

Fuzzer: afl_paint_op_buffer_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux

Crash Type: Abrt
Crash Address: 0x03e900000fef
Crash State:
  __cxxabiv1::failed_throw
  cc::PaintOpReader::Read
  cc::DrawLineOp::Deserialize

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=afl_chrome_asan&range=492357:492411

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6308940739772416

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

Comment 1 by enne@chromium.org, Aug 28 2017

#10 0x586350 in cc::PaintOpReader::Read(sk_sp<cc::PaintShader>*) cc/paint/paint_op_reader.cc:254

Comment, Aug 28 2017

Comment, Aug 29 2017

ClusterFuzz has detected this issue as fixed in range 496604:497767.

Detailed report: https://clusterfuzz.com/testcase?key=6308940739772416

Fuzzer: afl_paint_op_buffer_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux

Crash Type: Abrt
Crash Address: 0x03e900000fef
Crash State:
  __cxxabiv1::failed_throw
  cc::PaintOpReader::Read
  cc::DrawLineOp::Deserialize

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=afl_chrome_asan&range=492357:492411
Fixed: https://clusterfuzz.com/revisions?job=afl_chrome_asan&range=496604:497767

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6308940739772416

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment, Aug 29 2017

ClusterFuzz testcase 6308940739772416 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Comment, Aug 29 2017

vmpstr: It looks like this only got "fixed" because of the clearDeviceRect change bumping around enums. I suspect that this is still an issue.

Comment, Aug 29 2017

Add ClusterFuzz-Wrong so this can stay open.

Comment, Aug 30 2017

The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/1ec7cdb60fbc0d1d377de15c7699b9b114e40b15

commit 1ec7cdb60fbc0d1d377de15c7699b9b114e40b15
Author: Vladimir Levin <vmpstr@chromium.org>
Date: Wed Aug 30 02:21:48 2017

cc: Limit the number of colors supported during shader deserialization.

This patch limits the number of colors we can deserialize to 10k.

R=enne@chromium.org

Bug: 759199
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ic83510decf1bd5f4c65dc4f3a2f9e8107cd9453f
Reviewed-on: https://chromium-review.googlesource.com/641976
Commit-Queue: Vladimir Levin <vmpstr@chromium.org>
Reviewed-by: enne <enne@chromium.org>
Cr-Commit-Position: refs/heads/master@{#498345}

[modify] https://crrev.com/1ec7cdb60fbc0d1d377de15c7699b9b114e40b15/cc/paint/paint_op_reader.cc
[modify] https://crrev.com/1ec7cdb60fbc0d1d377de15c7699b9b114e40b15/cc/paint/paint_shader.cc
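The commit above caps the number of colors a shader may carry during deserialization at 10k. The reported crash state, __cxxabiv1::failed_throw underneath PaintOpReader::Read, is the libc++abi path taken when a thrown C++ exception finds no handler, which is fatal in a build without exception handling; the example below assumes, as the commit title suggests, that the throw came from an allocation sized by an untrusted element count. What follows is an added illustration and not Chromium's code: a constructed little-endian reader over a count-prefixed array, in the vulnerable shape (allocation sized by the count before anything is checked) beside a hardened shape that validates the count against both a domain cap and the bytes actually present before allocating. ByteReader, kMaxColors (set to the 10k from the commit message), ReadColorsUnchecked, ReadColorsChecked, EncodeColors and CheckedAccepts are this example's own names, and every input buffer is constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <optional>
#include <vector>

// Constructed example (not Chromium's PaintOpReader): a minimal reader over an
// untrusted, little-endian byte buffer such as a fuzzer might hand us.
class ByteReader {
 public:
  ByteReader(const uint8_t* data, size_t size) : data_(data), size_(size) {}

  // Reads one uint32_t, refusing to run past the end of the buffer.
  bool ReadU32(uint32_t* out) {
    if (remaining() < sizeof(uint32_t)) return false;
    std::memcpy(out, data_ + pos_, sizeof(uint32_t));
    pos_ += sizeof(uint32_t);
    return true;
  }

  size_t remaining() const { return size_ - pos_; }

 private:
  const uint8_t* data_;
  size_t size_;
  size_t pos_ = 0;
};

// Mirrors the 10k cap from the commit message; the name is this example's own.
constexpr uint32_t kMaxColors = 10000;

// Vulnerable shape: the element count comes straight from the input and sizes
// an allocation before anything else is checked. A count such as 0xFFFFFFFF
// makes the vector constructor throw std::length_error or std::bad_alloc; with
// exceptions disabled that throw has no handler and ends in failed_throw ->
// abort, the crash state the fuzzer reported. (Never run this on such input.)
std::optional<std::vector<uint32_t>> ReadColorsUnchecked(ByteReader& reader) {
  uint32_t count = 0;
  if (!reader.ReadU32(&count)) return std::nullopt;
  std::vector<uint32_t> colors(count);  // sized by attacker-controlled data
  for (uint32_t i = 0; i < count; ++i) {
    if (!reader.ReadU32(&colors[i])) return std::nullopt;
  }
  return colors;
}

// Hardened shape: validate the count against a domain limit and against the
// bytes actually present, and only then allocate.
std::optional<std::vector<uint32_t>> ReadColorsChecked(ByteReader& reader) {
  uint32_t count = 0;
  if (!reader.ReadU32(&count)) return std::nullopt;
  if (count > kMaxColors) return std::nullopt;  // domain cap, as in the patch
  // Each color is 4 bytes; a count the buffer cannot back is malformed input.
  if (count > reader.remaining() / sizeof(uint32_t)) return std::nullopt;
  std::vector<uint32_t> colors(count);  // bounded by both checks above
  for (uint32_t i = 0; i < count; ++i) {
    if (!reader.ReadU32(&colors[i])) return std::nullopt;
  }
  return colors;
}

// Builds a constructed buffer: a declared count followed by `values`. The
// declared count may deliberately disagree with the number of values.
std::vector<uint8_t> EncodeColors(uint32_t declared_count,
                                  const std::vector<uint32_t>& values) {
  std::vector<uint8_t> out;
  auto put = [&out](uint32_t v) {
    for (int i = 0; i < 4; ++i) out.push_back(static_cast<uint8_t>(v >> (8 * i)));
  };
  put(declared_count);
  for (uint32_t v : values) put(v);
  return out;
}

// Runs the hardened reader over a buffer; true on success, colors copied to `out`.
bool CheckedAccepts(const std::vector<uint8_t>& buf, std::vector<uint32_t>* out) {
  ByteReader reader(buf.data(), buf.size());
  std::optional<std::vector<uint32_t>> result = ReadColorsChecked(reader);
  if (!result) return false;
  if (out) *out = *result;
  return true;
}

int main() {
  std::vector<uint32_t> colors;
  // Well-formed input: three colors, accepted.
  bool ok = CheckedAccepts(EncodeColors(3, {0xFF0000FFu, 0xFF00FF00u, 0xFFFF0000u}), &colors);
  // Oversized count with nothing behind it: rejected before any allocation.
  bool huge = CheckedAccepts(EncodeColors(0xFFFFFFFFu, {}), nullptr);
  return (ok && colors.size() == 3 && !huge) ? 0 : 1;
}
```

The remaining-bytes check on its own is the more general guard, since it ties the allocation to what the input can actually back; the domain cap additionally rejects inputs that are well-formed but absurd for a shader, which is the line the patch drew.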
Comment, Aug 30 2017

Comment, Sep 18 2017

We have made a bunch of changes on ClusterFuzz side, so resetting ClusterFuzz-Wrong label.