Use-of-uninitialized-value in GrConfigConversionEffect::TestForPreservingPMConversions
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6371295558893568

Fuzzer: inferno_canvas_wrecker
Job Type: linux_msan_chrome
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  GrConfigConversionEffect::TestForPreservingPMConversions
  GrContextPriv::readSurfacePixels
  GrSurfaceContext::readPixels

Sanitizer: memory (MSAN)

Recommended Security Severity: Medium

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6371295558893568

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.

Note: This crash might not be reproducible with the provided testcase. That said, for the past 14 days we've been seeing this crash frequently. If you are unable to reproduce this, please try a speculative fix based on the crash stacktrace in the report. The fix can be verified by looking at the crash statistics in the report, a day after the fix is deployed. We will auto-close the bug if the crash is not seen for 14 days.
Apr 27 2018
There are some comments about problems here in the past for MSAN bots in Issue 732140. bsalomon@, can you PTAL?
Apr 27 2018
I suspect this will fix it: https://skia-review.googlesource.com/c/skia/+/124350
Apr 28 2018
Apr 30 2018
The following revision refers to this bug:
  https://skia.googlesource.com/skia/+/7b9b326338543f1a4aaccb1819602d61314cc698

commit 7b9b326338543f1a4aaccb1819602d61314cc698
Author: Brian Salomon <bsalomon@google.com>
Date: Mon Apr 30 17:21:33 2018

memset arrays in TestForPreservingPMConversions in case of read pixels failure

Bug: chromium:837649
Change-Id: Iced3cef5af8745964323ef3fa8cc5ac9d184c3b4
Reviewed-on: https://skia-review.googlesource.com/124350
Reviewed-by: Robert Phillips <robertphillips@google.com>
Commit-Queue: Brian Salomon <bsalomon@google.com>

[modify] https://crrev.com/7b9b326338543f1a4aaccb1819602d61314cc698/src/gpu/effects/GrConfigConversionEffect.h
Apr 30 2018
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/fc8bb6dd95c3ac769660ee6bd32289affcaa321d

commit fc8bb6dd95c3ac769660ee6bd32289affcaa321d
Author: skia-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com <skia-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Date: Mon Apr 30 20:42:18 2018

Roll src/third_party/skia/ 00d554b5b..44a8c74e3 (3 commits)

https://skia.googlesource.com/skia.git/+log/00d554b5b6d7..44a8c74e3554

$ git log 00d554b5b..44a8c74e3 --date=short --no-merges --format='%ad %ae %s'
2018-04-30 brianosman Use skcms equality to detect sRGB profiles
2018-04-30 herb Check that Android is not looking up fonts
2018-04-27 bsalomon memset arrays in TestForPreservingPMConversions in case of read pixels failure

Created with:
  roll-dep src/third_party/skia
BUG= chromium:837649

The AutoRoll server is located here: https://autoroll.skia.org

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, please contact the current sheriff, who should
be CC'd on the roll, and stop the roller if necessary.

CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel;luci.chromium.try:android_optional_gpu_tests_rel;luci.chromium.try:linux_optional_gpu_tests_rel;luci.chromium.try:mac_optional_gpu_tests_rel;luci.chromium.try:win_optional_gpu_tests_rel
TBR=brianosman@chromium.org

Change-Id: I355fcd56fff2d47b892989370583cfd9c9bebbfe
Reviewed-on: https://chromium-review.googlesource.com/1035621
Commit-Queue: skia-chromium-autoroll <skia-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Reviewed-by: skia-chromium-autoroll <skia-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#554865}

[modify] https://crrev.com/fc8bb6dd95c3ac769660ee6bd32289affcaa321d/DEPS
May 1 2018
bsalomon - any idea how far back this goes and/or which branches are impacted? Thanks!
May 1 2018
Basically forever (years). However, this code is just checking whether a particular pair of alpha-premul -unpremul shader strategies produces a consistent round trip for canvas2d putImageData/getImageData. The pixel data never escapes the function.

There could be two possible effects:

One is that we falsely determine a particular rounding strategy is round trippable on the GPU when it is not. This would mean if getImageData/putImageData/getImageData on a canvas was performed the second getImageData() could produce slightly different pixel results than the first.

The second result could be that we determine that none of the premul/unpremul strategies are round-trippable and we do the premul/unpremul'ing on the CPU. This would cause getImageData/putImageData to be less performant but still correct.
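The first effect described in the comment above, as an added C++ illustration (a simplified model, not Skia's code and not part of the original thread): a readback that fails leaves the comparison buffers unwritten, so the round-trip verdict comes from whatever they already held. All names are hypothetical, the stale bytes stand in for uninitialized memory, and the hardened variant goes slightly beyond the commit title by using distinct fill patterns and checking the read result.

```cpp
// Added illustration: simplified model, not Skia source. All names are hypothetical.
#include <cstddef>
#include <cstdint>
#include <cstring>

constexpr size_t kPixels = 8;                        // constructed, tiny test surface
constexpr size_t kBytes = kPixels * sizeof(uint32_t);

// Stand-in for a GPU readback: on failure it returns false and leaves dst unwritten.
static bool read_pixels(bool gpu_ok, const uint32_t* surface, uint32_t* dst) {
    if (!gpu_ok) return false;
    std::memcpy(dst, surface, kBytes);
    return true;
}

// "Before" shape: the verdict is computed from whatever the scratch buffers held.
bool preserves_unchecked(bool gpu_ok, const uint32_t* pass1, const uint32_t* pass2,
                         uint32_t* first, uint32_t* second) {
    read_pixels(gpu_ok, pass1, first);               // result ignored
    read_pixels(gpu_ok, pass2, second);              // result ignored
    return std::memcmp(first, second, kBytes) == 0;
}

// Hardened shape: give the buffers defined, distinct contents, and treat a failed
// read as "not preserved" so the caller takes the slower but correct CPU path.
bool preserves_checked(bool gpu_ok, const uint32_t* pass1, const uint32_t* pass2,
                       uint32_t* first, uint32_t* second) {
    std::memset(first, 0x00, kBytes);
    std::memset(second, 0xFF, kBytes);
    if (!read_pixels(gpu_ok, pass1, first)) return false;
    if (!read_pixels(gpu_ok, pass2, second)) return false;
    return std::memcmp(first, second, kBytes) == 0;
}

// Constructed scenario: a lossy strategy (pass2 drifts from pass1), a failed
// readback, and scratch buffers that still hold identical stale bytes.
bool demo(bool hardened) {
    uint32_t pass1[kPixels], pass2[kPixels], first[kPixels], second[kPixels];
    for (size_t i = 0; i < kPixels; ++i) {
        pass1[i] = 0x80402010u + static_cast<uint32_t>(i);
        pass2[i] = pass1[i] ^ 1u;                    // off-by-one rounding drift
        first[i] = second[i] = 0xDEADBEEFu;          // stale data, models uninitialized memory
    }
    return hardened ? preserves_checked(false, pass1, pass2, first, second)
                    : preserves_unchecked(false, pass1, pass2, first, second);
}
```

In this constructed scenario the unchecked variant reports the lossy strategy as round-trippable, while the checked variant reports it as not preserved.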
May 2 2018
May 15 2018
ClusterFuzz testcase 6371295558893568 is flaky and no longer crashes, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Aug 21
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by ClusterFuzz, Apr 27 2018
Labels: Test-Predator-Auto-Components