Issue metadata
Sign in to add a comment
|
Null-dereference READ in SkConvertPixels |
||||||||||||||||||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=5028445327982592 Fuzzer: noel-image-flip Job Type: linux_msan_chrome Platform Id: linux Crash Type: Null-dereference READ Crash Address: 0x000000000000 Crash State: SkConvertPixels SkPixmap::readPixels blink::DecodingImageGenerator::GetPixels Sanitizer: memory (MSAN) Regressed: https://clusterfuzz.com/revisions?job=linux_msan_chrome&range=552558:552561 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5028445327982592 Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
,
Apr 21 2018
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/371ffcdbb5dca7fb1a0aeb53956905bb1d4f9fc5 ([SPv175] Repaint non-composited layer on layer visibility change). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
,
Apr 21 2018
,
Apr 23 2018
,
Apr 23 2018
Predator and CL could not provide any possible suspects. Using Code Search for the file, "SkPixmap.cpp" suspecting the below Cl might have caused this issue Suspect CL: https://skia.googlesource.com/skia.git/+/18e9ba1eddb09bff6083f9a83dc569d3b3b54fe6 mtklein@ -- Could you please check whether this is caused with respect to your change, if not please help us in assigning it to the right owner. Thanks!
,
Apr 25 2018
Hmm. Probably not that change. It doesn't appear that the crash stack is related to SkPixmap::erase(), and I don't think there's any use of 888x, 101010x, or 1010102 in Chromium.
,
May 8 2018
ClusterFuzz has detected this issue as fixed in range 556606:556608. Detailed report: https://clusterfuzz.com/testcase?key=5028445327982592 Fuzzer: noel-image-flip Job Type: linux_msan_chrome Platform Id: linux Crash Type: Null-dereference READ Crash Address: 0x000000000000 Crash State: SkConvertPixels SkPixmap::readPixels blink::DecodingImageGenerator::GetPixels Sanitizer: memory (MSAN) Regressed: https://clusterfuzz.com/revisions?job=linux_msan_chrome&range=552558:552561 Fixed: https://clusterfuzz.com/revisions?job=linux_msan_chrome&range=556606:556608 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5028445327982592 See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
May 8 2018
ClusterFuzz testcase 5028445327982592 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue. |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by ClusterFuzz
, Apr 21 2018Labels: Test-Predator-Auto-Components