Null-dereference READ in chrome |
|||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=5079165964124160 Fuzzer: noel-image-surku Job Type: linux_cfi_chrome Platform Id: linux Crash Type: Null-dereference READ Crash Address: 0x000000000010 Crash State: chrome () cc::ScopedRasterFlags::DecodeRecordShader Sanitizer: cfi (CFI) Regressed: https://clusterfuzz.com/revisions?job=linux_cfi_chrome&range=544601:544617 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5079165964124160 Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
,
Mar 21 2018
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/0c568dc759c39d7598cfd811f7f2096daebc26c0 (cc: Support animated images in PaintFilters.). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
,
Mar 22 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/fb0d82a43ed2cfac6da93278b631d603eb072c55 commit fb0d82a43ed2cfac6da93278b631d603eb072c55 Author: Khushal <khushalsagar@chromium.org> Date: Thu Mar 22 02:01:42 2018 cc: Fix flags access in ScopedRasterFlags. If an image fails to decode on a shader, abort early instead of trying to decode the flags further. Since Flags() returns nullptr based on whether the decode failed, it was causing crashes. R=enne@chromium.org Bug: 824068 , 824058 Cq-Include-Trybots: luci.chromium.try:android_optional_gpu_tests_rel;master.tryserver.blink:linux_trusty_blink_rel Change-Id: I1040598df19c94a10a71a5b494f196abfffee2ab Reviewed-on: https://chromium-review.googlesource.com/974480 Reviewed-by: enne <enne@chromium.org> Commit-Queue: Khushal <khushalsagar@chromium.org> Cr-Commit-Position: refs/heads/master@{#544945} [modify] https://crrev.com/fb0d82a43ed2cfac6da93278b631d603eb072c55/cc/paint/scoped_raster_flags.cc [modify] https://crrev.com/fb0d82a43ed2cfac6da93278b631d603eb072c55/cc/paint/scoped_raster_flags.h
,
Mar 22 2018
ClusterFuzz has detected this issue as fixed in range 544920:544956. Detailed report: https://clusterfuzz.com/testcase?key=5079165964124160 Fuzzer: noel-image-surku Job Type: linux_cfi_chrome Platform Id: linux Crash Type: Null-dereference READ Crash Address: 0x000000000010 Crash State: chrome () cc::ScopedRasterFlags::DecodeRecordShader Sanitizer: cfi (CFI) Regressed: https://clusterfuzz.com/revisions?job=linux_cfi_chrome&range=544601:544617 Fixed: https://clusterfuzz.com/revisions?job=linux_cfi_chrome&range=544920:544956 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5079165964124160 See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Mar 22 2018
ClusterFuzz testcase 5079165964124160 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue. |
|||
►
Sign in to add a comment |
|||
Comment 1 by ClusterFuzz
, Mar 21 2018Labels: Test-Predator-Auto-Components