Null-dereference READ in SkImage::colorSpace |
|||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=6677046001139712 Fuzzer: afl_transfer_cache_fuzzer Job Type: afl_chrome_asan Platform Id: linux Crash Type: Null-dereference READ Crash Address: 0x000000000000 Crash State: SkImage::colorSpace SkImage::makeColorSpace cc::ServiceImageTransferCacheEntry::Deserialize Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=afl_chrome_asan&range=541279:541292 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6677046001139712 Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
,
Mar 7 2018
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/b346beb380ac646762daa5c561d088afc12f6877 (oop: Add transfer cache deserialization fuzzer). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
,
Mar 7 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/1b9f5f8cee9aeb7e73020405ba9be3c0bcc57f71 commit 1b9f5f8cee9aeb7e73020405ba9be3c0bcc57f71 Author: Adrienne Walker <enne@chromium.org> Date: Wed Mar 07 20:06:01 2018 oop: Fix transfer cache early out on bad image This fixes a fuzzer null dereference. Bug: 819562 Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.android:android_optional_gpu_tests_rel Change-Id: Ia2e7138b6fd143ecd187679843f695c81e65bb63 Reviewed-on: https://chromium-review.googlesource.com/953143 Reviewed-by: Eric Karl <ericrk@chromium.org> Commit-Queue: enne <enne@chromium.org> Cr-Commit-Position: refs/heads/master@{#541541} [modify] https://crrev.com/1b9f5f8cee9aeb7e73020405ba9be3c0bcc57f71/cc/paint/image_transfer_cache_entry.cc
,
Mar 8 2018
ClusterFuzz has detected this issue as fixed in range 541534:541559. Detailed report: https://clusterfuzz.com/testcase?key=6677046001139712 Fuzzer: afl_transfer_cache_fuzzer Job Type: afl_chrome_asan Platform Id: linux Crash Type: Null-dereference READ Crash Address: 0x000000000000 Crash State: SkImage::colorSpace SkImage::makeColorSpace cc::ServiceImageTransferCacheEntry::Deserialize Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=afl_chrome_asan&range=541279:541292 Fixed: https://clusterfuzz.com/revisions?job=afl_chrome_asan&range=541534:541559 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6677046001139712 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Mar 8 2018
ClusterFuzz testcase 6677046001139712 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue. |
|||
►
Sign in to add a comment |
|||
Comment 1 by ClusterFuzz
, Mar 7 2018Labels: Test-Predator-Auto-Components