New issue
Advanced search Search tips

Issue 799862 link

Starred by 1 user
Status: Untriaged
Owner: ----
Cc:
kjlubick@chromium.org
kjlubick@google.com
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Android , Windows , Chrome , Mac , Fuchsia
Pri: 3
Type: Bug



Sign in to add a comment

assertion in SkRRect.cpp(47)

Reported by zhunkib...@gmail.com, Jan 8 2018 
UserAgent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0

Steps to reproduce the problem:
1. build latest code of filter_fuzz_stub with following gn flags:
is_debug = true
(ninja -C buildir skia:filter_fuzz_stub)
2. Run filter_fuzz_stub with attached file:
./filter_fuzz_stub  isvalid.fil
[0108/174157.465842:INFO:SkRRect.cpp(47)] ../../third_party/skia/src/core/SkRRect.cpp:47: fatal error: "assert(this->isValid())"

Aborted

What is the expected behavior?

What went wrong?
this->isValid()

Did this work before? N/A 

Chrome version: 65.0.3307.0  Channel: n/a
OS Version: 16.04
Flash Version:
isvalid.fil
788 bytes Download

Comment 1 by elawrence@chromium.org, Jan 8 2018

Components: Internals>Skia

Comment 2 by metzman@chromium.org, Jan 8 2018

Labels: OS-Android OS-Chrome OS-Fuchsia OS-Mac OS-Windows
Status: Untriaged (was: Unconfirmed)
Can confirm this causes an assertion failure.

However there is no crash when it is run with an ASan UbSan or MSAN build (with is_debug=false).

Comment 3 by metzman@chromium.org, Jan 8 2018

Labels: -Type-Bug-Security -Pri-2 -Restrict-View-SecurityTeam Pri-3 Type-Bug
As said here https://bugs.chromium.org/p/chromium/issues/detail?id=799860#c3
assertion failures in skia are not security bugs.

Labeling accordingly.

Comment 4 by metzman@chromium.org, Jan 22 2018

Cc: kjlubick@chromium.org kjlubick@google.com

Sign in to add a comment