Use-of-uninitialized-value in sweep_lt_vert
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4947642571554816

Fuzzer: libFuzzer_paint_op_buffer_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  sweep_lt_vert
  inversion
  stroke_boundary

Sanitizer: memory (MSAN)

Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=526493:526497

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4947642571554816

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
,
Jan 4 2018
This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it. If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jan 4 2018
,
Jan 4 2018
https://chromium.googlesource.com/chromium/src/+/e4d6d0b50ec2e40aabe6a8c9928f512101771bb1 looks like the culprit.
,
Jan 5 2018
,
Jan 5 2018
Fix up for review in Skia: https://skia-review.googlesource.com/c/skia/+/91141
,
Jan 5 2018
,
Jan 5 2018
The following revision refers to this bug:
  https://skia.googlesource.com/skia/+/f470b7ecf0ad3910e96414a3d93db61c422ba917

commit f470b7ecf0ad3910e96414a3d93db61c422ba917
Author: Stephen White <senorblanco@chromium.org>
Date: Fri Jan 05 18:08:30 2018

GrTessellator: fix for assert on bevelling.

With some large values, intersection for bevelling will fail. These should just skip the point, not assert.

BUG= 798912

Change-Id: Ie5c8cc3c9387055e1e31480321a231f0e6ff153b
Reviewed-on: https://skia-review.googlesource.com/91141
Reviewed-by: Brian Salomon <bsalomon@google.com>
Commit-Queue: Stephen White <senorblanco@chromium.org>

[modify] https://crrev.com/f470b7ecf0ad3910e96414a3d93db61c422ba917/tests/TessellatingPathRendererTests.cpp
[modify] https://crrev.com/f470b7ecf0ad3910e96414a3d93db61c422ba917/src/gpu/GrTessellator.cpp
,
Jan 6 2018
ClusterFuzz has detected this issue as fixed in range 527364:527373.

Detailed report: https://clusterfuzz.com/testcase?key=4947642571554816

Fuzzer: libFuzzer_paint_op_buffer_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  sweep_lt_vert
  inversion
  stroke_boundary

Sanitizer: memory (MSAN)

Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=526493:526497
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=527364:527373

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4947642571554816

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Jan 6 2018
ClusterFuzz testcase 4947642571554816 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Jan 6 2018
,
Jan 6 2018
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/8971bdf7c090786e3b9143e07055b4f94d54752b

commit 8971bdf7c090786e3b9143e07055b4f94d54752b
Author: skia-deps-roller@chromium.org <skia-deps-roller@chromium.org>
Date: Sat Jan 06 16:10:08 2018

Roll src/third_party/skia/ 18eafd922..4d1d8bcf6 (29 commits)

https://skia.googlesource.com/skia.git/+log/18eafd922d91..4d1d8bcf6df5

$ git log 18eafd922..4d1d8bcf6 --date=short --no-merges --format='%ad %ae %s'
2018-01-06 reed Revert "remove unused SkCurveMeasure"
2018-01-06 update-docs Update markdown files
2018-01-06 angle-skia-autoroll Roll skia/third_party/externals/angle2/ 66e2f8f25..eeda03b62 (1 commit)
2018-01-05 reed remove unused SkCurveMeasure
2018-01-05 reed begin cleanup of malloc porting layer
2018-01-05 angle-skia-autoroll Roll skia/third_party/externals/angle2/ 97f39b3c9..66e2f8f25 (1 commit)
2018-01-05 jvanverth Add fp-friendly check for zero-width BlurImageFilters
2018-01-05 angle-skia-autoroll Roll skia/third_party/externals/angle2/ 4a66ef3d8..97f39b3c9 (1 commit)
2018-01-05 jvanverth Don't apply blur to zero-sized circles
2018-01-05 caryclark change paint examples to use different font
2018-01-05 fmalita [skotty] Cubic Bezier lerp
2018-01-04 jcgregorio Update docs on how to build and run docserver.
2018-01-04 liyuqian Update 2pt conical gradient in raster pipeline
2018-01-05 bsalomon Remove public version of SkMatrix::mapPointsWithStride.
2018-01-05 angle-skia-autoroll Roll skia/third_party/externals/angle2/ e9d7f2d1b..4a66ef3d8 (3 commits)
2018-01-05 egdaniel Add GrResourceProviderPriv and expose GrGpu in it
2018-01-05 bsalomon Update SkMatrix_Reference.bmh to reflect mapPointsWithStride removal
2018-01-05 caryclark Revert "allow both slash types"
2018-01-05 bsalomon [Viewer] Preserve gesture transformation matrix on slide/backend change
2018-01-05 liyuqian Separate compile task from calmbench task
2018-01-05 caryclark update bookmaker
2018-01-05 fmalita [sksg] More inval fixes
2018-01-04 senorblanco GrTessellator: fix for assert on bevelling.
2018-01-05 bsalomon Privatize separate src/dst version of SkMatrix::mapPointsWithStride.
2018-01-05 kjlubick Enable conditional-uninitialized flag
2018-01-04 reed cubic-map for non-linear t
2018-01-05 angle-skia-autoroll Roll skia/third_party/externals/angle2/ f3e232959..e9d7f2d1b (1 commit)
2018-01-03 liyuqian Prepare rebaseline for removing legacy containedInClip
2018-01-05 caryclark allow both slash types

Created with:
  roll-dep src/third_party/skia
BUG= 798912

The AutoRoll server is located here: https://autoroll.skia.org

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, please contact the current sheriff, who should be CC'd on the roll, and stop the roller if necessary.

CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel
TBR=jcgregorio@chromium.org

Change-Id: Ie51b374a6dffc657b091acf8b23c18cd6f83f7f6
Reviewed-on: https://chromium-review.googlesource.com/853318
Reviewed-by: Skia Deps Roller <skia-deps-roller@chromium.org>
Commit-Queue: Skia Deps Roller <skia-deps-roller@chromium.org>
Cr-Commit-Position: refs/heads/master@{#527520}

[modify] https://crrev.com/8971bdf7c090786e3b9143e07055b4f94d54752b/DEPS
,
Feb 13 2018
,
Mar 27 2018
,
Apr 14 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by sheriffbot@chromium.org
, Jan 4 2018