Null-dereference READ in SkImage::width |
||||||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=4958725097127936 Fuzzer: libFuzzer_paint_op_buffer_eq_fuzzer Job Type: libfuzzer_chrome_asan Platform Id: linux Crash Type: Null-dereference READ Crash Address: 0x00000000000c Crash State: SkImage::width cc::CreateDrawImage cc::DrawImageRectOp::Serialize Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=529167:529168 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4958725097127936 Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
,
Jan 20 2018
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/5cb9e8d52ba6f729e36c4ab3447c4a76ad250832 (Allow site settings to query favicons by host name.). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
,
Jan 21 2018
,
Jan 21 2018
My CL doesn't touch CC or Skia, and I'm having a very hard time working out why this fuzzer would have tripped when it doesn't actually run any of the code I changed. Over to the ClusterFuzz folks.
,
Jan 22 2018
,
Jan 25 2018
enne@, vmpstr@ - can you please help to triage.
,
Jan 25 2018
,
Jan 25 2018
ericrk: Do you think we need a fake transfer cache that always generates an image no matter what entry you ask for? Or should we just skip images in the equality fuzzer?
,
Feb 21 2018
,
May 3 2018
ClusterFuzz has detected this issue as fixed in range 555636:555647. Detailed report: https://clusterfuzz.com/testcase?key=4958725097127936 Fuzzer: libFuzzer_paint_op_buffer_eq_fuzzer Job Type: libfuzzer_chrome_asan Platform Id: linux Crash Type: Null-dereference READ Crash Address: 0x00000000000c Crash State: SkImage::width cc::CreateDrawImage cc::DrawImageRectOp::Serialize Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=529167:529168 Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=555636:555647 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4958725097127936 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
May 3 2018
ClusterFuzz testcase 4958725097127936 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue. |
||||||||||
►
Sign in to add a comment |
||||||||||
Comment 1 by ClusterFuzz
, Jan 20 2018Labels: Test-Predator-Auto-Components