Issue metadata
Sign in to add a comment
|
Negative-size-param in SkPixmap::erase |
||||||||||||||||||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=5975351608737792 Fuzzer: inferno_canvas_wrecker Job Type: mac_asan_chrome Platform Id: mac Crash Type: Negative-size-param Crash Address: Crash State: SkPixmap::erase SkBitmap::erase SkBitmap::eraseColor Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=534129:534174 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5975351608737792 Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
,
Feb 15 2018
Automatically adding ccs based on suspected regression changelists: [Fuchsia] Copy fonts from the host for layout tests by sergeyu@chromium.org - https://chromium.googlesource.com/chromium/src/+/def62d54c45d5598eea3b4808f8cce07f308e1cd Disable texture strip atlasing for DDL by robertphillips@google.com - https://skia.googlesource.com/skia/+/7a9263906c677c0fa5636521e3cc58ba60837720 If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label.
,
Feb 15 2018
,
Feb 15 2018
,
Feb 15 2018
This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it. If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Feb 15 2018
,
Feb 15 2018
,
Feb 15 2018
,
Feb 15 2018
,
Feb 15 2018
robertphillips: would you mind taking a quick look to see if this was caused by your CL in #2? Thanks.
,
Feb 15 2018
It is not. I have added the Test-Predator-Wrong-CLs label. It is, however, in herb@'s domain and he is looking into it.
,
Feb 16 2018
,
Feb 26 2018
The following revision refers to this bug: https://skia.googlesource.com/skia/+/78663f9dad1235e47c2fa9cfd1a9dd979d373871 commit 78663f9dad1235e47c2fa9cfd1a9dd979d373871 Author: Herb Derby <herb@google.com> Date: Mon Feb 26 17:53:48 2018 Fix overflow in number of bytes to erase. The width and the height were multiplied as int * int. Now it is int64_t * int64_t. BUG= chromium:812519 Change-Id: If60bbdd8ee92748559b2e4f3ab57e4463a8006e8 Reviewed-on: https://skia-review.googlesource.com/109781 Reviewed-by: Florin Malita <fmalita@chromium.org> Commit-Queue: Herb Derby <herb@google.com> [modify] https://crrev.com/78663f9dad1235e47c2fa9cfd1a9dd979d373871/src/core/SkPixmap.cpp
,
Feb 27 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/14e6f2c9505e44b178460d38ce0a365734fb4432 commit 14e6f2c9505e44b178460d38ce0a365734fb4432 Author: skia-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com <skia-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com> Date: Tue Feb 27 00:22:44 2018 Roll src/third_party/skia/ 84d823a5e..9d57afd93 (14 commits) https://skia.googlesource.com/skia.git/+log/84d823a5e2a0..9d57afd93e70 $ git log 84d823a5e..9d57afd93 --date=short --no-merges --format='%ad %ae %s' 2018-02-26 robertphillips Clean up GrDrawOpAtlas 2018-02-26 benjaminwagner Omit test causing Chromecast to OOM. 2018-02-26 jvanverth Add some additional checks for shadow generation 2018-02-26 rmistry Skip failing pageset from key_mobile_sites_smooth 2018-02-26 mtklein align f16 buffers in SkRasterPipeline_tail test 2018-02-26 egdaniel Revert "Revert "Fixes to alignment issues with regards to mapped vulkan memory."" 2018-02-26 angle-skia-autoroll Roll skia/third_party/externals/angle2/ 3582c0e2c..b52fac03f (4 commits) 2018-02-26 reed use SkIRect makeOffset to avoid overflows 2018-02-26 mtklein fix mask address calculation 2018-02-26 skcms-skia-autoroll Roll skia/third_party/externals/skcms/ 0d1aefed6..e496333d5 (3 commits) 2018-02-23 herb Fix overflow in number of bytes to erase. 2018-02-26 borenet Fix builder_name_schema for Upload tasks 2018-02-26 olegmax Fix assert format string in GrContext_colorTypeSupportedAsImage test. 2018-02-26 robertphillips Revert "Revert "Separate creation time & flush time behavior in GrDrawOpAtlas (take 2)"" Created with: roll-dep src/third_party/skia BUG= 812519 The AutoRoll server is located here: https://autoroll.skia.org Documentation for the AutoRoller is here: https://skia.googlesource.com/buildbot/+/master/autoroll/README.md If the roll is causing failures, please contact the current sheriff, who should be CC'd on the roll, and stop the roller if necessary. CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel TBR=benjaminwagner@chromium.org Change-Id: I351edccce76f73dd33b0e5364f0f33129e8e620f Reviewed-on: https://chromium-review.googlesource.com/938283 Reviewed-by: skia-chromium-autoroll <skia-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com> Commit-Queue: skia-chromium-autoroll <skia-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#539339} [modify] https://crrev.com/14e6f2c9505e44b178460d38ce0a365734fb4432/DEPS
,
Feb 27 2018
ClusterFuzz has detected this issue as fixed in range 539328:539361. Detailed report: https://clusterfuzz.com/testcase?key=5975351608737792 Fuzzer: inferno_canvas_wrecker Job Type: mac_asan_chrome Platform Id: mac Crash Type: Negative-size-param Crash Address: Crash State: SkPixmap::erase SkBitmap::erase SkBitmap::eraseColor Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=534129:534174 Fixed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=539328:539361 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5975351608737792 See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Feb 27 2018
ClusterFuzz testcase 5975351608737792 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Feb 27 2018
,
Mar 16 2018
The following revision refers to this bug: https://skia.googlesource.com/skia/+/8a3e0b31927ae78bc3e9c342b1290a6a64233674 commit 8a3e0b31927ae78bc3e9c342b1290a6a64233674 Author: Herb Derby <herb@google.com> Date: Fri Mar 16 14:14:40 2018 Fix overflow in number of bytes to erase. The width and the height were multiplied as int * int. Now it is int64_t * int64_t. BUG= chromium:812519 Change-Id: If60bbdd8ee92748559b2e4f3ab57e4463a8006e8 Reviewed-on: https://skia-review.googlesource.com/109781 Reviewed-by: Florin Malita <fmalita@chromium.org> Commit-Queue: Herb Derby <herb@google.com> (cherry picked from commit 78663f9dad1235e47c2fa9cfd1a9dd979d373871) Reviewed-on: https://skia-review.googlesource.com/113780 Reviewed-by: Hal Canary <halcanary@google.com> [modify] https://crrev.com/8a3e0b31927ae78bc3e9c342b1290a6a64233674/src/core/SkPixmap.cpp
,
Mar 27 2018
,
Mar 28 2018
,
Jun 5 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by ClusterFuzz
, Feb 15 2018Labels: Test-Predator-Auto-Components