CHECK failure: sizeof(T) <= static_cast<size_t>(4) in skia_image_filter_proto_converter.cc

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4878362099843072

Fuzzer: libFuzzer_skia_image_filter_proto_fuzzer
Job Type: mac_libfuzzer_chrome_asan
Platform Id: mac

Crash Type: CHECK failure
Crash Address:
Crash State:
  sizeof(T) <= static_cast<size_t>(4) in skia_image_filter_proto_converter.cc
  void skia_image_filter_proto_converter::Converter::WriteNum<unsigned long>
  skia_image_filter_proto_converter::Converter::WriteString

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=mac_libfuzzer_chrome_asan&range=533258:533361

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4878362099843072

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Feb 2 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/f2267d0d1c488cc65e6ea5d5221559044910301e

commit f2267d0d1c488cc65e6ea5d5221559044910301e
Author: Jonathan Metzman <metzman@chromium.org>
Date: Fri Feb 02 20:42:42 2018

[LPM] Speculative fix for Mac builds of skia proto fuzzer.

On Mac builds, it looks like calling WriteNum on a size_t was causing the compiler to select the templated version of WriteNum rather than the uint64_t version. Hopefully it won't do the opposite (and break on calls to WriteNum(uint64_t) because of this fix.

Bug: 808155, 769578
Change-Id: I8babcf6da5090b9bffdbcc98b573c11c02f2e489
Reviewed-on: https://chromium-review.googlesource.com/899906
Commit-Queue: Jonathan Metzman <metzman@chromium.org>
Reviewed-by: Martin Barbella <mbarbella@chromium.org>
Cr-Commit-Position: refs/heads/master@{#534143}

[modify] https://crrev.com/f2267d0d1c488cc65e6ea5d5221559044910301e/testing/libfuzzer/proto/skia_image_filter_proto_converter.cc
[modify] https://crrev.com/f2267d0d1c488cc65e6ea5d5221559044910301e/testing/libfuzzer/proto/skia_image_filter_proto_converter.h
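
The overload selection described in the commit message above, as an added example that is not Chromium's code and not the fix that landed: on macOS uint64_t is unsigned long long while size_t is unsigned long, so a size_t argument matches the template exactly and needs a conversion for the 64-bit overload. Only the name WriteNum and the sizeof(T) <= 4 condition come from the report; the Path enum, both structs and the size-dispatch variant are hypothetical.

```cpp
#include <cstdio>
#include <type_traits>

// Constructed model, not Chromium code. The CHECK from the report is modelled
// as a return value so the program keeps running.
enum class Path { kNarrow, kWide, kCheckFailure };

struct NaiveWriter {
  // Generic path, meant for numbers of at most 4 bytes.
  template <typename T>
  Path WriteNum(T) {
    return sizeof(T) <= 4 ? Path::kNarrow : Path::kCheckFailure;
  }
  // 64-bit path, declared for one spelling of a 64-bit integer only
  // (unsigned long long is what uint64_t aliases on macOS).
  Path WriteNum(unsigned long long) { return Path::kWide; }
};

struct SizeDispatchWriter {
  // Route on the width of T, not on which typedef the caller used, and
  // reject unsupported types at compile time instead of at run time.
  template <typename T>
  Path WriteNum(T) {
    static_assert(std::is_arithmetic<T>::value, "numeric types only");
    static_assert(sizeof(T) <= 8, "no encoding wider than 8 bytes");
    return sizeof(T) <= 4 ? Path::kNarrow : Path::kWide;
  }
};

static const char* Name(Path p) {
  return p == Path::kNarrow ? "narrow"
         : p == Path::kWide ? "wide" : "CHECK failure";
}

int main() {
  unsigned long len = 42;  // the type behind size_t on macOS and LP64 Linux
  // T = unsigned long is an exact match, so the template beats the
  // unsigned long long overload, which would need an integral conversion.
  std::printf("naive, unsigned long:         %s\n",
              Name(NaiveWriter().WriteNum(len)));
  std::printf("naive, unsigned long long:    %s\n",
              Name(NaiveWriter().WriteNum(42ULL)));
  std::printf("size dispatch, unsigned long: %s\n",
              Name(SizeDispatchWriter().WriteNum(len)));
  return 0;
}
```

On 64-bit Linux, uint64_t and size_t are both unsigned long, so a uint64_t overload is itself an exact match and wins the tie against the template, which is consistent with the crash appearing only in the Mac job.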
Feb 3 2018
ClusterFuzz has detected this issue as fixed in range 534019:534158.

Detailed report: https://clusterfuzz.com/testcase?key=4878362099843072

Fuzzer: libFuzzer_skia_image_filter_proto_fuzzer
Job Type: mac_libfuzzer_chrome_asan
Platform Id: mac

Crash Type: CHECK failure
Crash Address:
Crash State:
  sizeof(T) <= static_cast<size_t>(4) in skia_image_filter_proto_converter.cc
  void skia_image_filter_proto_converter::Converter::WriteNum<unsigned long>
  skia_image_filter_proto_converter::Converter::WriteString

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=mac_libfuzzer_chrome_asan&range=533258:533361
Fixed: https://clusterfuzz.com/revisions?job=mac_libfuzzer_chrome_asan&range=534019:534158

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4878362099843072

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Feb 3 2018
ClusterFuzz testcase 4878362099843072 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by brajkumar@chromium.org, Feb 2 2018
Components: Internals>Skia
Labels: -Type-Bug M-66 Test-Predator-Wrong Type-Bug-Regression
Owner: metzman@chromium.org
Status: Assigned (was: Untriaged)