
Issue 798679


Issue metadata

Status: Verified
Owner:
Closed: Jan 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 1
Type: Bug




Null-dereference READ in rewind

Project Member Reported by ClusterFuzz, Jan 3 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5574005569617920

Fuzzer: inferno_canvas_wrecker
Job Type: mac_asan_chrome
Platform Id: mac

Crash Type: Null-dereference READ
Crash Address: 0x000000000028
Crash State:
  rewind
  merge_edges_below
  merge_collinear_edges
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=526470:526497

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5574005569617920

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
 
Project Member

Comment 1 by ClusterFuzz, Jan 3 2018

Components: Internals>Skia
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Project Member

Comment 2 by ClusterFuzz, Jan 3 2018

Cc: brianosman@google.com
Labels: Test-Predator-Auto-CC
Automatically adding ccs based on suspected regression changelists:

Update per-geo color after simplifying FPs in GrAtlasTextOp by brianosman@google.com - https://skia.googlesource.com/skia/+/8716b50aae949d5ad3af680c2530e9285f6491cc

If this is incorrect, please apply the Test-Predator-Wrong-CLs label.
Labels: Test-Predator-Wrong-CLs
Owner: senorblanco@chromium.org
Project Member

Comment 4 by bugdroid1@chromium.org, Jan 4 2018

The following revision refers to this bug:
  https://skia.googlesource.com/skia/+/94b7e5425683996c8bc3ca0e7b549ab7235c1180

commit 94b7e5425683996c8bc3ca0e7b549ab7235c1180
Author: Stephen White <senorblanco@chromium.org>
Date: Thu Jan 04 21:36:06 2018

GrTessellator: fix for points which become non-finite on AA stroking.

If input points are near-infinite, they may become inf or NaN when
stroked.  Before converting the results of intersection from double
to float, clamp them to the [-FLT_MAX/FLT_MAX] range.

BUG= 798679 

Change-Id: I7d61130dd26147a9b7cfd38aa96567e3867b5c3e
Reviewed-on: https://skia-review.googlesource.com/90983
Commit-Queue: Stephen White <senorblanco@chromium.org>
Reviewed-by: Brian Osman <brianosman@google.com>

[modify] https://crrev.com/94b7e5425683996c8bc3ca0e7b549ab7235c1180/tests/TessellatingPathRendererTests.cpp
[modify] https://crrev.com/94b7e5425683996c8bc3ca0e7b549ab7235c1180/src/gpu/GrTessellator.cpp
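The clamp-before-narrowing idea in the commit message above, as an added illustration that is not Skia's code: the intersection is computed in double, and each coordinate is saturated to [-FLT_MAX, FLT_MAX] before it is narrowed to float, so a near-infinite input can no longer turn into inf in the float result. The function and struct names, the NaN-to-zero choice, and the sample coordinates are assumptions of this example.

```cpp
#include <cfloat>
#include <cmath>

// Narrowing a double that lies outside the float range is undefined in C++
// and in practice yields +/-inf, which downstream edge bookkeeping does not
// expect. Saturating to the float range first keeps every result finite.
// NaN compares false against everything, so it is handled explicitly and
// mapped to 0 here (an assumption of this example, not the commit's choice).
static float double_to_clamped_float(double v) {
    if (std::isnan(v)) return 0.0f;
    if (v > FLT_MAX) return FLT_MAX;
    if (v < -FLT_MAX) return -FLT_MAX;
    return static_cast<float>(v);
}

struct Pt { float x, y; };

// Intersection of line AB with line CD, computed in double and returned as
// a clamped float point. Returns false for parallel lines (zero denominator)
// or when the inputs were already non-finite.
static bool intersect_clamped(double ax, double ay, double bx, double by,
                              double cx, double cy, double dx, double dy,
                              Pt* out) {
    double denom = (bx - ax) * (dy - cy) - (by - ay) * (dx - cx);
    if (denom == 0.0 || std::isnan(denom)) return false;
    double t = ((cx - ax) * (dy - cy) - (cy - ay) * (dx - cx)) / denom;
    // The double result may exceed FLT_MAX (e.g. nearly parallel lines far
    // from the origin); clamp each coordinate before narrowing.
    out->x = double_to_clamped_float(ax + t * (bx - ax));
    out->y = double_to_clamped_float(ay + t * (by - ay));
    return true;
}
```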

Project Member

Comment 5 by bugdroid1@chromium.org, Jan 5 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/4be19025916cb986df248fc17b2a6e60e50a5169

commit 4be19025916cb986df248fc17b2a6e60e50a5169
Author: skia-deps-roller@chromium.org <skia-deps-roller@chromium.org>
Date: Fri Jan 05 04:33:43 2018

Roll src/third_party/skia/ 7edde238f..98992ae3b (15 commits)

https://skia.googlesource.com/skia.git/+log/7edde238f741..98992ae3b7e0

$ git log 7edde238f..98992ae3b --date=short --no-merges --format='%ad %ae %s'
2018-01-05 angle-skia-autoroll Roll skia/third_party/externals/angle2/ d22cc5cbb..f3e232959 (1 commit)
2018-01-04 fmalita [sksg] More inval fiddling
2018-01-04 angle-skia-autoroll Roll skia/third_party/externals/angle2/ c405ae717..d22cc5cbb (1 commit)
2017-12-22 csmartdalton Reland "CCPR: Initial semi-optimized vertex shader Impl"
2018-01-04 angle-skia-autoroll Roll skia/third_party/externals/angle2/ 915864946..c405ae717 (1 commit)
2018-01-04 angle-skia-autoroll Roll skia/third_party/externals/angle2/ fa920ebbc..915864946 (1 commit)
2018-01-04 fmalita [skotty] Add cubic Bezier lerp stubs
2018-01-04 angle-skia-autoroll Roll skia/third_party/externals/angle2/ c71862aa3..fa920ebbc (1 commit)
2018-01-04 caryclark limit bookmaker status output
2018-01-04 senorblanco GrTessellator: fix for points which become non-finite on AA stroking.
2018-01-04 scroggo Add SkAndroidCodec::MakeFromCodec
2018-01-04 herb Add directions for when trouble strikes in fetch-skps.
2018-01-03 ethannicholas sksl now provides support for inverse, transpose, et al. on older versions of OpenGL
2018-01-04 kjlubick Re-enable 3 clang warnings
2018-01-04 brianosman Always create a raster (cached) image

Created with:
  roll-dep src/third_party/skia
BUG= 798679 


The AutoRoll server is located here: https://autoroll.skia.org

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, please contact the current sheriff, who should
be CC'd on the roll, and stop the roller if necessary.


CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel
TBR=jcgregorio@chromium.org

Change-Id: I7f0f6649dacad78471f137f067a6c15091b5df35
Reviewed-on: https://chromium-review.googlesource.com/851221
Reviewed-by: Skia Deps Roller <skia-deps-roller@chromium.org>
Commit-Queue: Skia Deps Roller <skia-deps-roller@chromium.org>
Cr-Commit-Position: refs/heads/master@{#527211}
[modify] https://crrev.com/4be19025916cb986df248fc17b2a6e60e50a5169/DEPS

Project Member

Comment 6 by ClusterFuzz, Jan 5 2018

ClusterFuzz has detected this issue as fixed in range 527191:527230.

Detailed report: https://clusterfuzz.com/testcase?key=5574005569617920

Fuzzer: inferno_canvas_wrecker
Job Type: mac_asan_chrome
Platform Id: mac

Crash Type: Null-dereference READ
Crash Address: 0x000000000028
Crash State:
  rewind
  merge_edges_below
  merge_collinear_edges
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=526470:526497
Fixed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=527191:527230

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5574005569617920

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 7 by ClusterFuzz, Jan 5 2018

Labels: ClusterFuzz-Verified
Status: Verified (was: Untriaged)
ClusterFuzz testcase 5574005569617920 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
