Issue 764699

Issue metadata

Status: Fixed
Closed: Oct 2017
OS: Linux, Mac
Pri: 1
Type: Bug



Timeout in skia_pathop_fuzzer

Project Member Reported by ClusterFuzz, Sep 13 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6163338005577728

Fuzzer: libFuzzer_skia_pathop_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Timeout (exceeds 25 secs)
Crash Address: 
Crash State:
  skia_pathop_fuzzer
  
Sanitizer: undefined (UBSAN)

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6163338005577728

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

Note: This crash might not be reproducible with the provided testcase. That said, for the past 14 days we've been seeing this crash frequently. If you are unable to reproduce this, please try a speculative fix based on the crash stacktrace in the report. The fix can be verified by looking at the crash statistics in the report, a day after the fix is deployed. We will auto-close the bug if the crash is not seen for 14 days.
 
Components: Internals>Skia
Labels: Test-Predator-Wrong-CLs

Comment 2 by ClusterFuzz, Sep 15 2017

Labels: OS-Mac

Comment 3 by mmoroz@chromium.org, Sep 30 2017

Owner: hcm@chromium.org
Status: Assigned (was: Untriaged)

Comment 4 by hcm@chromium.org, Oct 17 2017

Cc: hcm@chromium.org
Owner: caryclark@google.com
Yeah still cannot repro and CF seems to report as flaky, but still showing up sometimes.  Cary, do you see anything to take action on in the stack trace here?

Comment 5 by bugdroid1@chromium.org, Oct 18 2017

The following revision refers to this bug:
  https://skia.googlesource.com/skia/+/43938b8533dbee75816726b54737e410097428ce

commit 43938b8533dbee75816726b54737e410097428ce
Author: Cary Clark <caryclark@skia.org>
Date: Wed Oct 18 13:09:06 2017

add fuzzer timeout escape

SkOpSegment::moveNearby may loop for a long time, maybe forever.
The longest loop isolated is 500 in a fuzzer generated test, and
50 in a real world test. Add an escape hatch to abandon the op
after 9999 loops.

While this puts a limit on the complexity path ops can handle,
realistically paths this complex fail otherwise.

TBR:hcm@google.com
Bug: 764699
Change-Id: Iad62b9d505b94b2c2845ad2874342ac90478642e
Reviewed-on: https://skia-review.googlesource.com/61200
Reviewed-by: Cary Clark <caryclark@skia.org>
Commit-Queue: Cary Clark <caryclark@skia.org>

[modify] https://crrev.com/43938b8533dbee75816726b54737e410097428ce/src/pathops/SkOpSegment.cpp

Status: Fixed (was: Assigned)
