Issue 819291 link

Starred by 1 user

Issue metadata

Status:	Started
Owner:	sadrul@chromium.org
Cc:	kenrb@chromium.org rjkroege@chromium.org █ gklassen@chromium.org riajiang@chromium.org wfh@chromium.org creis@chromium.org
Components:	Internals>Sandbox>SiteIsolation Internals>Services>Viz
EstimatedDays:	----
NextAction:	----
OS:	Linux , Android , Windows , Chrome , Mac
Pri:	2
Type:	Bug

Blocking:
issue 804888

Add fuzzing for HitTestQuery

Project Member Reported by sadrul@chromium.org, Mar 6 2018

Issue description

We should add a fuzzer for HitTestQuery before we start doing a finch-trial for viz-hittesting.

We should add a fuzzer for HitTestQuery and HitTestAggregator before we start doing a finch-trial for viz-hittesting.

We should add a fuzzer for HitTestQuery before we start doing a finch-trial for viz-hittesting.

Project Member

Comment 1 by bugdroid1@chromium.org, Mar 6 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/04c90b668f8bbc4e408cf88684f18359c7761120

commit 04c90b668f8bbc4e408cf88684f18359c7761120
Author: Sadrul Habib Chowdhury <sadrul@chromium.org>
Date: Tue Mar 06 18:58:23 2018

viz: Remove a workaround for SkMatrix44.

HitTestAggregator creates a shared memory segment, and populates it with
a list of AggregatedHitTestRegion objects. It then shares the memory with
HitTestQuery, which sees this as read-only data. However, when using the
gfx::Transform, which is backed by SkMatrix44, it can attempt to write to
the read-only shared memory (because SkMatrix44 has a mutable attribute
which can be changed during a const-method call), which causes failure
(crash) in HitTestQuery. To avoid this failure, always make a copy of the
gfx::Transform before using it in HitTestQuery.

BUG=819291

Cq-Include-Trybots: master.tryserver.chromium.android:android_optional_gpu_tests_rel
Change-Id: I97d23c25de7271e1813b1c4e0a4de05ce2cdc7c4
Reviewed-on: https://chromium-review.googlesource.com/950471
Commit-Queue: Sadrul Chowdhury <sadrul@chromium.org>
Reviewed-by: Ria Jiang <riajiang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#541162}
[modify] https://crrev.com/04c90b668f8bbc4e408cf88684f18359c7761120/components/viz/common/hit_test/aggregated_hit_test_region.h
[modify] https://crrev.com/04c90b668f8bbc4e408cf88684f18359c7761120/components/viz/host/hit_test/hit_test_query.cc
[modify] https://crrev.com/04c90b668f8bbc4e408cf88684f18359c7761120/components/viz/host/hit_test/hit_test_query_unittest.cc
[modify] https://crrev.com/04c90b668f8bbc4e408cf88684f18359c7761120/components/viz/service/hit_test/hit_test_aggregator.cc
[modify] https://crrev.com/04c90b668f8bbc4e408cf88684f18359c7761120/components/viz/service/hit_test/hit_test_aggregator_unittest.cc

Comment 2 by riajiang@chromium.org, Mar 6 2018

Summary: Add fuzzing for viz hit-test (was: Add fuzzing for HitTestQuery)

Comment 3 by riajiang@chromium.org, Mar 6 2018

Description: Show this description

Comment 4 by riajiang@chromium.org, Mar 7 2018

Description: Show this description

Comment 5 by riajiang@chromium.org, Mar 7 2018

Summary: Add fuzzing for HitTestQuery (was: Add fuzzing for viz hit-test)

Project Member

Comment 6 by bugdroid1@chromium.org, Mar 9 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/ad8ab8fd70189c757e710a5b7335c8bf8be7188b

commit ad8ab8fd70189c757e710a5b7335c8bf8be7188b
Author: Sadrul Habib Chowdhury <sadrul@chromium.org>
Date: Fri Mar 09 00:53:07 2018

viz hit test: Add a fuzzer for hit-test-query.

Treat the fuzzer-input as the aggregated hit-test data, and run a bunch of
queries on that.

BUG=819291

Cq-Include-Trybots: master.tryserver.chromium.android:android_optional_gpu_tests_rel
Change-Id: Iab5b09820c2751126fd6a9f630848834b47d2dd0
Reviewed-on: https://chromium-review.googlesource.com/949407
Reviewed-by: Ken Buchanan <kenrb@chromium.org>
Reviewed-by: Ken Rockot <rockot@chromium.org>
Reviewed-by: Ria Jiang <riajiang@chromium.org>
Commit-Queue: Sadrul Chowdhury <sadrul@chromium.org>
Cr-Commit-Position: refs/heads/master@{#541970}
[modify] https://crrev.com/ad8ab8fd70189c757e710a5b7335c8bf8be7188b/components/viz/host/BUILD.gn
[modify] https://crrev.com/ad8ab8fd70189c757e710a5b7335c8bf8be7188b/components/viz/host/hit_test/DEPS
[add] https://crrev.com/ad8ab8fd70189c757e710a5b7335c8bf8be7188b/components/viz/host/hit_test/hit_test_query_fuzzer.cc

►

Issue 819291 link

Issue metadata

Add fuzzing for HitTestQuery

Issue description

Comment 1 by bugdroid1@chromium.org, Mar 6 2018

Comment 1 Deleted

Comment 2 by riajiang@chromium.org, Mar 6 2018

Comment 2 Deleted

Comment 3 by riajiang@chromium.org, Mar 6 2018

Comment 3 Deleted

Comment 4 by riajiang@chromium.org, Mar 7 2018

Comment 4 Deleted

Comment 5 by riajiang@chromium.org, Mar 7 2018

Comment 5 Deleted

Comment 6 by bugdroid1@chromium.org, Mar 9 2018

Comment 6 Deleted

Sign in to add a comment