Null-dereference READ in SkImage::isTextureBacked |
|||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=6600041866461184 Fuzzer: libFuzzer_v8_serialized_script_value_fuzzer Job Type: libfuzzer_chrome_asan Platform Id: linux Crash Type: Null-dereference READ Crash Address: 0x000000000000 Crash State: SkImage::isTextureBacked blink::StaticBitmapImage::Create blink::ImageBitmap::ImageBitmap Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=490022:490184 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6600041866461184 Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
,
Jan 25 2018
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/bcc44201e8670e41bd67a9542114ce692c351f3f (Refactor of SkImage and Gpu context usage in blink). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
,
Jan 25 2018
I'll fix it. Simple enough and I was just in this space.
,
Jan 30 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/059010def2516cf5056ddde10cea18669e1f6a4a commit 059010def2516cf5056ddde10cea18669e1f6a4a Author: Stephen Chenney <schenney@chromium.org> Date: Tue Jan 30 18:56:48 2018 [PE] Fix a null ptr access in ImageBitmap The ImageBitmap constructor that takes pixel data and a width and height does not check for success of the skia MakeRasterCopy call, that will return null for a host of reasons. Add the check. R=junov@chromium.org BUG= 805972 Null check in ImageBitmap:ImageBitmap Change-Id: I4cd8464b21c3b14488ae8a948864b091f17d006a Reviewed-on: https://chromium-review.googlesource.com/887678 Reviewed-by: Florin Malita <fmalita@chromium.org> Commit-Queue: Stephen Chenney <schenney@chromium.org> Cr-Commit-Position: refs/heads/master@{#532976} [modify] https://crrev.com/059010def2516cf5056ddde10cea18669e1f6a4a/third_party/WebKit/Source/core/imagebitmap/ImageBitmap.cpp
,
Jan 30 2018
,
Jan 31 2018
ClusterFuzz has detected this issue as fixed in range 532975:532990. Detailed report: https://clusterfuzz.com/testcase?key=6600041866461184 Fuzzer: libFuzzer_v8_serialized_script_value_fuzzer Job Type: libfuzzer_chrome_asan Platform Id: linux Crash Type: Null-dereference READ Crash Address: 0x000000000000 Crash State: SkImage::isTextureBacked blink::StaticBitmapImage::Create blink::ImageBitmap::ImageBitmap Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=490022:490184 Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=532975:532990 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6600041866461184 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Jan 31 2018
ClusterFuzz testcase 6600041866461184 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue. |
|||||
►
Sign in to add a comment |
|||||
Comment 1 by ClusterFuzz
, Jan 25 2018Labels: Test-Predator-Auto-Components