New issue
Advanced search Search tips

Issue 799866 link

Starred by 1 user
Status: Untriaged
Owner: ----
Cc:
kjlubick@chromium.org
kjlubick@google.com
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Android , Windows , Chrome , Mac , Fuchsia
Pri: 3
Type: Bug



Sign in to add a comment

assertion in SkGradientShader.cpp(177)

Reported by zhunkib...@gmail.com, Jan 8 2018 
UserAgent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0

Steps to reproduce the problem:
1. build latest code of filter_fuzz_stub with following gn flags:
is_debug = true
(ninja -C buildir skia:filter_fuzz_stub)
2. Run filter_fuzz_stub with attached file:
./filter_fuzz_stub  gammalsLinear.fil
[0108/175135.670689:INFO:SkGradientShader.cpp(177)] ../../third_party/skia/src/shaders/gradients/SkGradientShader.cpp:177: fatal error: "assert(desc.fColorSpace->gammaIsLinear())"

Aborted

What is the expected behavior?

What went wrong?
fatal error: "assert(desc.fColorSpace->gammaIsLinear())"

Did this work before? N/A 

Chrome version: 65.0.3307.0  Channel: n/a
OS Version: 16.04
Flash Version:
gammaIsLinear.fil
416 bytes Download

Comment 1 by elawrence@chromium.org, Jan 8 2018

Components: Internals>Skia

Comment 2 by metzman@chromium.org, Jan 8 2018

Labels: OS-Android OS-Chrome OS-Fuchsia OS-Mac OS-Windows
Status: Untriaged (was: Unconfirmed)
This definitely throws an assertion error.

However there is no crash when it is run with an ASan UbSan or MSAN build.

Comment 3 by metzman@chromium.org, Jan 8 2018

Labels: -Type-Bug-Security -Pri-2 -Restrict-View-SecurityTeam Pri-3 Type-Bug
As said here https://bugs.chromium.org/p/chromium/issues/detail?id=799860#c3
assertion failures in skia are not security bugs.

Labeling as such.

Comment 4 by metzman@chromium.org, Jan 22 2018

Cc: kjlubick@chromium.org kjlubick@google.com

Sign in to add a comment