use-of-uninitialized-value in sse2::blit_row_s32a_opaque
Reported by m.cooo...@gmail.com, Jan 10 2018
Issue description

UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36

Steps to reproduce the problem:
1. download https://www.googleapis.com/download/storage/v1/b/chromium-browser-msan/o/linux-release%2Fmsan-no-origins-linux-release-528270.zip?generation=1515579120897689&alt=media
2. run ./filter_fuzz_stub poc

What is the expected behavior?

What went wrong?
use-of-uninitialized-value

Did this work before? N/A

Chrome version: last build of chrome  Channel: n/a
OS Version: 16.04
Flash Version:

MSAN

[0110/182828.994747:INFO:filter_fuzz_stub.cc(61)] Test case: ./m7
[0110/182828.997111:INFO:filter_fuzz_stub.cc(38)] Valid stream detected.
Uninitialized bytes in __msan_check_mem_is_initialized at offset 0 inside [0x71d000000a00, 96)
==7823==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x9c2eff in sk_msan_assert_initialized src/third_party/skia/src/core/SkMSAN.h:24:9
    #1 0x9c2eff in sse2::blit_row_s32a_opaque(unsigned int*, unsigned int const*, int, unsigned int) src/third_party/skia/src/opts/SkBlitRow_opts.h:83
    #2 0x10d2848 in Sprite_D32_S32::blitRect(int, int, int, int) src/third_party/skia/src/core/SkSpriteBlitter_ARGB32.cpp:46:13
    #3 0xac488c in blitrect src/third_party/skia/src/core/SkScan.cpp:25:14
    #4 0xac488c in SkScan::FillIRect(SkIRect const&, SkRegion const*, SkBlitter*) src/third_party/skia/src/core/SkScan.cpp:36
    #5 0x959dfe in SkDraw::drawBitmap(SkBitmap const&, SkMatrix const&, SkRect const*, SkPaint const&) const src/third_party/skia/src/core/SkDraw.cpp:1271:17
    #6 0xf51036 in SkBitmapDevice::drawBitmapRect(SkBitmap const&, SkRect const*, SkRect const&, SkPaint const&, SkCanvas::SrcRectConstraint) src/third_party/skia/src/core/SkBitmapDevice.cpp:324:26
    #7 0x8ebb01 in SkCanvas::internalDrawBitmapRect(SkBitmap const&, SkRect const*, SkRect const&, SkPaint const*, SkCanvas::SrcRectConstraint) src/third_party/skia/src/core/SkCanvas.cpp:2334:23
    #8 0x8da019 in SkCanvas::drawBitmapRect(SkBitmap const&, SkRect const&, SkRect const&, SkPaint const*, SkCanvas::SrcRectConstraint) src/third_party/skia/src/core/SkCanvas.cpp:1840:11
    #9 0x8da62f in SkCanvas::drawBitmapRect(SkBitmap const&, SkIRect const&, SkRect const&, SkPaint const*, SkCanvas::SrcRectConstraint) src/third_party/skia/src/core/SkCanvas.cpp:1845:11
    #10 0xaf8966 in SkSpecialImage_Raster::onDraw(SkCanvas*, float, float, SkPaint const*) const src/third_party/skia/src/core/SkSpecialImage.cpp:229:17
    #11 0x1155680 in SkDropShadowImageFilter::onFilterImage(SkSpecialImage*, SkImageFilter::Context const&, SkIPoint*) const src/third_party/skia/src/effects/SkDropShadowImageFilter.cpp:108:16
    #12 0x978b97 in SkImageFilter::filterImage(SkSpecialImage*, SkImageFilter::Context const&, SkIPoint*) const src/third_party/skia/src/core/SkImageFilter.cpp:213:40
    #13 0xf53df5 in SkBitmapDevice::drawSpecial(SkSpecialImage*, int, int, SkPaint const&, SkImage*, SkMatrix const&) src/third_party/skia/src/core/SkBitmapDevice.cpp:421:33
    #14 0x8c90d8 in SkCanvas::internalDrawDevice(SkBaseDevice*, int, int, SkPaint const*, SkImage*, SkMatrix const&) src/third_party/skia/src/core/SkCanvas.cpp:1313:25
    #15 0x8c2c4d in SkCanvas::internalRestore() src/third_party/skia/src/core/SkCanvas.cpp:1201:19
    #16 0x8ea40a in ~AutoDrawLooper src/third_party/skia/src/core/SkCanvas.cpp:495:22
    #17 0x8ea40a in SkCanvas::onDrawBitmap(SkBitmap const&, float, float, SkPaint const*) src/third_party/skia/src/core/SkCanvas.cpp:2308
    #18 0x8d97ca in SkCanvas::drawBitmap(SkBitmap const&, float, float, SkPaint const*) src/third_party/skia/src/core/SkCanvas.cpp:1831:11
    #19 0x4957b4 in RunTestCase src/skia/tools/filter_fuzz_stub/filter_fuzz_stub.cc:48:13
    #20 0x4957b4 in ReadAndRunTestCase src/skia/tools/filter_fuzz_stub/filter_fuzz_stub.cc:67
    #21 0x4957b4 in main src/skia/tools/filter_fuzz_stub/filter_fuzz_stub.cc:91
    #22 0x7f6a70ac082f in __libc_start_main /build/glibc-bfm8X4/glibc-2.23/csu/../csu/libc-start.c:291
    #23 0x423ff9 in _start (/mnt/data/repo/chromium/out/msan_x64/filter_fuzz_stub+0x423ff9)

  Uninitialized value was created by a heap allocation
    #0 0x449bed in __interceptor_malloc /b/build/slave/linux_upload_clang/build/src/third_party/llvm/compiler-rt/lib/msan/msan_interceptors.cc:939:3
    #1 0x15fe459 in base::UncheckedMalloc(unsigned long, void**) src/base/process/memory_linux.cc:104:13
    #2 0x89e5c5 in malloc_nothrow src/skia/ext/SkMemory_new_handler.cpp:76:19
    #3 0x89e5c5 in sk_malloc_flags(unsigned long, unsigned int) src/skia/ext/SkMemory_new_handler.cpp:115
    #4 0x987f5b in sk_malloc_canfail src/third_party/skia/include/private/SkMalloc.h:79:12
    #5 0x987f5b in MakeUsing src/third_party/skia/src/core/SkMallocPixelRef.cpp:76
    #6 0x987f5b in SkMallocPixelRef::MakeAllocate(SkImageInfo const&, unsigned long) src/third_party/skia/src/core/SkMallocPixelRef.cpp:86
    #7 0x8a3404 in SkBitmap::tryAllocPixels(SkImageInfo const&, unsigned long) src/third_party/skia/src/core/SkBitmap.cpp:251:28
    #8 0x11a10e4 in tryAllocPixels src/third_party/skia/include/core/SkBitmap.h:523:22
    #9 0x11a10e4 in SkMatrixConvolutionImageFilter::onFilterImage(SkSpecialImage*, SkImageFilter::Context const&, SkIPoint*) const src/third_party/skia/src/effects/SkMatrixConvolutionImageFilter.cpp:359
    #10 0x978b97 in SkImageFilter::filterImage(SkSpecialImage*, SkImageFilter::Context const&, SkIPoint*) const src/third_party/skia/src/core/SkImageFilter.cpp:213:40
    #11 0x97ff9a in SkImageFilter::filterInput(int, SkSpecialImage*, SkImageFilter::Context const&, SkIPoint*) const src/third_party/skia/src/core/SkImageFilter.cpp:512:41
    #12 0x1154ca4 in SkDropShadowImageFilter::onFilterImage(SkSpecialImage*, SkImageFilter::Context const&, SkIPoint*) const src/third_party/skia/src/effects/SkDropShadowImageFilter.cpp:68:39
    #13 0x978b97 in SkImageFilter::filterImage(SkSpecialImage*, SkImageFilter::Context const&, SkIPoint*) const src/third_party/skia/src/core/SkImageFilter.cpp:213:40
    #14 0xf53df5 in SkBitmapDevice::drawSpecial(SkSpecialImage*, int, int, SkPaint const&, SkImage*, SkMatrix const&) src/third_party/skia/src/core/SkBitmapDevice.cpp:421:33
    #15 0x8c90d8 in SkCanvas::internalDrawDevice(SkBaseDevice*, int, int, SkPaint const*, SkImage*, SkMatrix const&) src/third_party/skia/src/core/SkCanvas.cpp:1313:25
    #16 0x8c2c4d in SkCanvas::internalRestore() src/third_party/skia/src/core/SkCanvas.cpp:1201:19
    #17 0x8ea40a in ~AutoDrawLooper src/third_party/skia/src/core/SkCanvas.cpp:495:22
    #18 0x8ea40a in SkCanvas::onDrawBitmap(SkBitmap const&, float, float, SkPaint const*) src/third_party/skia/src/core/SkCanvas.cpp:2308
    #19 0x8d97ca in SkCanvas::drawBitmap(SkBitmap const&, float, float, SkPaint const*) src/third_party/skia/src/core/SkCanvas.cpp:1831:11
    #20 0x4957b4 in RunTestCase src/skia/tools/filter_fuzz_stub/filter_fuzz_stub.cc:48:13
    #21 0x4957b4 in ReadAndRunTestCase src/skia/tools/filter_fuzz_stub/filter_fuzz_stub.cc:67
    #22 0x4957b4 in main src/skia/tools/filter_fuzz_stub/filter_fuzz_stub.cc:91
    #23 0x7f6a70ac082f in __libc_start_main /build/glibc-bfm8X4/glibc-2.23/csu/../csu/libc-start.c:291

SUMMARY: MemorySanitizer: use-of-uninitialized-value src/third_party/skia/src/core/SkMSAN.h:24:9 in sk_msan_assert_initialized
May 4 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by elawrence@chromium.org, Jan 10 2018
Components: Internals>Skia