Abrt in sk_abort_no_print
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4574443333746688

Fuzzer: libFuzzer_color_transform_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: Abrt
Crash Address: 0x03e900001e18
Crash State:
  sk_abort_no_print
  SkICC::rawTransferFnData
  SkICC::rawTransferFnData

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=504555:504585

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4574443333746688

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Jan 8 2018
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/379fca1ffe9bbce2514969ce44712424d4c952b2 (Rename color_transform_fuzztest to comply with other fuzz targets -> color_transform_fuzzer.). If this is incorrect, please remove the owner and apply the Test-Predator-Wrong-CLs label.
Jan 8 2018
Heather, could you please help find an owner for this?
Jan 8 2018

Jan 26 2018
Oh boy, there's so much wrong here. SkICC::rawTransferFnData() calls first isNumericalTransferFn(). Inside SkColorSpace_XYZ::onIsNumericalTransferFn(), we're comparing fGammas->data(0) != fGammas->data(1), etc. If we look at SkGammas::Data's operator==, it only makes sense for table type data, so whatever comparison is going on there is complete nonsense. That's a bad start. In this particular case we're parsing a profile with linear red, linear green, and a parametric blue (g=2.46355 a=0.926865 0.0730896 0.166351 0.0078125 255.973 1.52588e-05). It happens to luckily fail the this->isNumericalTransferFn() call, and then SkICC::rawTransferFnData() next does that same completely bogus gammas->data(0) == gammas->data(1) && gammas->data(0) == gammas->data(2) check, which passes because it's completely wrong. At this point we seem to assume that all three must be a table, because otherwise isNumericalTransferFn() would have returned something if it were not a table. It's really just that that == operator is wrong. I think the rest of SkICC::rawTransferFnData() will work if we fix that.
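As an added illustration of the bug class this comment describes (not Skia's code, not from the linked change, and not a reproduction of its real types): a per-channel record that is a tagged union of "value", "table" and "parametric" curves, an equality check that only looks at the table fields, and the caller that trusts it. The `Data` layout, the `Kind` enum, the `rawTransferFnOutcome()` decision sequence and the reason step 1 fails (this model requires identical kinds) are all assumptions made for the example; the seven coefficients for the blue channel are the ones quoted in the comment, and which parametric parameter each unlabelled value maps to is also an assumption.

```cpp
#include <cstdint>
#include <cstdio>

// Hypothetical, simplified stand-in for a per-channel transfer-function record
// (not Skia's SkGammas::Data). A channel's curve is one of three kinds, and only
// that kind's fields carry meaning.
enum class Kind { Value, Table, Param };

struct ParamCurve { float g, a, b, c, d, e, f; };

struct Data {
    Kind kind = Kind::Value;
    float value = 1.0f;                        // Kind::Value: a single gamma exponent
    uint32_t tableOffset = 0, tableSize = 0;   // Kind::Table: where the lookup table lives
    ParamCurve param{};                        // Kind::Param: parametric curve coefficients
};

using Eq = bool (*)(const Data&, const Data&);

// The defect the comment describes, modelled here: an operator== that compares
// only the table fields. Two non-table channels both carry default table fields
// (0, 0), so they compare "equal" regardless of the curves they actually hold.
bool brokenEquals(const Data& x, const Data& y) {
    return x.tableOffset == y.tableOffset && x.tableSize == y.tableSize;
}

// The repaired comparison: the kinds must match, and so must every field that
// the shared kind actually uses.
bool sameChannel(const Data& x, const Data& y) {
    if (x.kind != y.kind) return false;
    switch (x.kind) {
        case Kind::Value: return x.value == y.value;
        case Kind::Table: return x.tableOffset == y.tableOffset && x.tableSize == y.tableSize;
        case Kind::Param: {
            const ParamCurve& p = x.param;
            const ParamCurve& q = y.param;
            return p.g == q.g && p.a == q.a && p.b == q.b && p.c == q.c
                && p.d == q.d && p.e == q.e && p.f == q.f;
        }
    }
    return false;
}

// The question every caller really wants answered, parameterised on the comparison used.
bool allChannelsSame(const Data (&ch)[3], Eq eq) {
    return eq(ch[0], ch[1]) && eq(ch[0], ch[2]);
}

enum class Outcome { Numerical, Table, Unsupported, BogusTableRead };

// Model of the decision sequence in the comment. Step 1 asks whether all three
// channels are the same non-table curve. Step 2, reached only when step 1 fails,
// asks whether the channels compare equal and, if so, assumes they are all tables
// and reads table data from each. With the broken comparison a mixed profile
// passes step 2, and reading a "table" from a non-table channel is the point
// modelled here as BogusTableRead (the real code aborted there).
Outcome rawTransferFnOutcome(const Data (&ch)[3], Eq eq) {
    bool noTables = ch[0].kind != Kind::Table && ch[1].kind != Kind::Table && ch[2].kind != Kind::Table;
    bool sameKinds = ch[0].kind == ch[1].kind && ch[0].kind == ch[2].kind;
    if (noTables && sameKinds && allChannelsSame(ch, eq)) return Outcome::Numerical;
    if (allChannelsSame(ch, eq)) {
        for (const Data& d : ch)
            if (d.kind != Kind::Table || d.tableSize == 0) return Outcome::BogusTableRead;
        return Outcome::Table;
    }
    return Outcome::Unsupported;
}

// Constructed profile shaped like the one in the comment: linear red and green
// (gamma 1.0) plus a parametric blue channel using the quoted coefficients.
Data linear() { Data d; d.kind = Kind::Value; d.value = 1.0f; return d; }
Data parametricBlue() {
    Data d;
    d.kind = Kind::Param;
    d.param = ParamCurve{2.46355f, 0.926865f, 0.0730896f, 0.166351f, 0.0078125f, 255.973f, 1.52588e-05f};
    return d;
}

// The same profile run through both comparisons.
Outcome outcomeWithBrokenEquals() {
    Data ch[3] = { linear(), linear(), parametricBlue() };
    return rawTransferFnOutcome(ch, brokenEquals);
}
Outcome outcomeWithSameChannel() {
    Data ch[3] = { linear(), linear(), parametricBlue() };
    return rawTransferFnOutcome(ch, sameChannel);
}

int main() {
    std::printf("broken operator==  -> %s\n",
                outcomeWithBrokenEquals() == Outcome::BogusTableRead ? "bogus table read" : "other");
    std::printf("kind-aware compare -> %s\n",
                outcomeWithSameChannel() == Outcome::Unsupported ? "unsupported (mixed channels)" : "other");
    return 0;
}
```

The point for a reviewer of any tagged-union type: an equality operator that ignores the discriminant makes callers believe two differently-typed values are interchangeable, and a later branch then dereferences fields that were never populated. Comparing the kind first, then only that kind's fields, turns the mixed-channel profile into a clean "unsupported" result instead of a crash.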
Jan 26 2018
The following revision refers to this bug: https://skia.googlesource.com/skia/+/05d7416b371fe1db9faef5a3623e54e109977c2c

commit 05d7416b371fe1db9faef5a3623e54e109977c2c
Author: Mike Klein <mtklein@chromium.org>
Date: Fri Jan 26 21:13:10 2018

make SkGammas less bad

Data's existing operator== is terribly broken. Instead replace it with what everyone really wants to know, allChannelsSame().

I'm not quite ready to get rid of SkGammas yet, but we're getting close.

Bug: chromium:799834
Change-Id: Ibcfd252e380b15fba53eb707f58304a50e90ce9f
Reviewed-on: https://skia-review.googlesource.com/100320
Reviewed-by: Herb Derby <herb@google.com>
Commit-Queue: Mike Klein <mtklein@chromium.org>

[modify] https://crrev.com/05d7416b371fe1db9faef5a3623e54e109977c2c/src/core/SkColorSpace_XYZ.cpp
[modify] https://crrev.com/05d7416b371fe1db9faef5a3623e54e109977c2c/src/core/SkColorSpaceXform.cpp
[modify] https://crrev.com/05d7416b371fe1db9faef5a3623e54e109977c2c/src/core/SkGammas.h
[modify] https://crrev.com/05d7416b371fe1db9faef5a3623e54e109977c2c/src/core/SkICC.cpp
Jan 28 2018
ClusterFuzz has detected this issue as fixed in range 532206:532210.

Detailed report: https://clusterfuzz.com/testcase?key=4574443333746688

Fuzzer: libFuzzer_color_transform_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: Abrt
Crash Address: 0x03e900001e18
Crash State:
  sk_abort_no_print
  SkICC::rawTransferFnData
  SkICC::rawTransferFnData

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=504555:504585
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=532206:532210

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4574443333746688

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Jan 28 2018

Jan 28 2018
ClusterFuzz testcase 4574443333746688 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Jan 8 2018
Labels: Test-Predator-Auto-Components