Testcase 5599510578593792 is a top crash on ClusterFuzz for linux platform. Please prioritize fixing this crash.

Marking this crash as a Beta release blocker.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Automatically adding ccs based on suspected regression changelists:

Add vmpstr and ericrk to content/renderer/gpu/OWNERS by vmpstr@chromium.org - https://chromium.googlesource.com/chromium/src/+/d12dba3c21a20e40232c1e55d7a43c19410acc0f

oop: Initialize and validate font creation params. by vmpstr@chromium.org - https://chromium.googlesource.com/chromium/src/+/57a9b3e34bfddc151f8848ccf9fec031f09f5f39

If this is incorrect, please apply the Test-Predator-Wrong-CLs label.

This might only be a High — as far as I know, we don't use Skia in any high-privilege processes. Is that right?

The following revision refers to this bug:
  https://skia.googlesource.com/skia/+/8ba13f63020b2301d2a97392804d14e5e6f7b2b2

commit 8ba13f63020b2301d2a97392804d14e5e6f7b2b2
Author: Herbert Derby <herb@google.com>
Date: Thu Dec 07 14:50:20 2017

Fix buffer off-by-one error.

The maximum number of Gaussian factors produces is 5.
But, 6 elements are needed to calculate those 5.

BUG= chromium:792316 

Change-Id: Ief356f6c21bed7e90e33900989744c27cfe8a9a9
Reviewed-on: https://skia-review.googlesource.com/81560
Reviewed-by: Mike Klein <mtklein@chromium.org>
Commit-Queue: Herb Derby <herb@google.com>

[modify] https://crrev.com/8ba13f63020b2301d2a97392804d14e5e6f7b2b2/src/core/SkGaussFilter.h
[modify] https://crrev.com/8ba13f63020b2301d2a97392804d14e5e6f7b2b2/src/core/SkGaussFilter.cpp

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/a96632a73cfe354c2c564a9e531205abbc505287

commit a96632a73cfe354c2c564a9e531205abbc505287
Author: skia-deps-roller@chromium.org <skia-deps-roller@chromium.org>
Date: Thu Dec 07 16:25:23 2017

Roll src/third_party/skia/ 4f5e1d4ff..9d78afdd3 (7 commits)

https://skia.googlesource.com/skia.git/+log/4f5e1d4ff3fa..9d78afdd3d87

$ git log 4f5e1d4ff..9d78afdd3 --date=short --no-merges --format='%ad %ae %s'
2017-12-07 borenet Revert "[infra] Move commands from isolates to gen_tasks.go"
2017-12-06 herb Fix buffer off-by-one error.
2017-12-07 borenet [infra] Move commands from isolates to gen_tasks.go
2017-12-07 rmistry Do not skip trybots for uploads by update-docs
2017-12-06 benjaminwagner Specify long build ID in Android dimensions.
2017-12-07 bsalomon Revert "Add define to use customize vulkan header."
2017-12-06 scroggo Update to the latest version of libjpeg-turbo

Created with:
  roll-dep src/third_party/skia
BUG= 792316 


The AutoRoll server is located here: https://autoroll.skia.org

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, please contact the current sheriff, who should
be CC'd on the roll, and stop the roller if necessary.


CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel
TBR=rmistry@chromium.org

Change-Id: I6b3738c95a764c9efbaefee9a7895cd739a65211
Reviewed-on: https://chromium-review.googlesource.com/814276
Reviewed-by: Skia Deps Roller <skia-deps-roller@chromium.org>
Commit-Queue: Skia Deps Roller <skia-deps-roller@chromium.org>
Cr-Commit-Position: refs/heads/master@{#522446}
[modify] https://crrev.com/a96632a73cfe354c2c564a9e531205abbc505287/DEPS

ClusterFuzz has detected this issue as fixed in range 522424:522457.

Detailed report: https://clusterfuzz.com/testcase?key=5599510578593792

Fuzzer: cdiehl_dharma
Job Type: linux_asan_chrome_v8_arm
Platform Id: linux

Crash Type: Stack-buffer-overflow WRITE 8
Crash Address: 0xc49a687f
Crash State:
  SkGaussFilter::SkGaussFilter
  SkMaskBlurFilter::blur
  SkBlurMask::BoxBlur
  
Sanitizer: address (ASAN)

Recommended Security Severity: Critical

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_v8_arm&range=521774:521834
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_v8_arm&range=522424:522457

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5599510578593792

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 5599510578593792 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Adding Test-Predator-Wrong-CLs to flag for investigation about why the regression range was so large/possibly incorrect.

I'm afraid this was also found by an internal fuzzer.

@awhalley
Was it found before this one? I'm just asking.

This bug requires manual review: DEPS changes referenced in bugdroid comments.
Please contact the milestone owner if you have questions.
Owners: cmasso@(Android), cmasso@(iOS), kbleicher@(ChromeOS), abdulsyed@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

+awhalley@ - Can you please comment on which CL needs to be merged? Is this really a P0? 

herb@ - could you confirm this is M65 only? 

nordisop@gmail.com - it was hit by a couple of dozen of fuzzers on the same day I'm afraid.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot