Large allocation from Tessellator

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4714244881514496

Fuzzer: inferno_canvas_wrecker
Job Type: mac_asan_chrome
Platform Id: mac
Crash Type: Abrt
Crash Address: 0x7fff96c20f06
Crash State:
  sk_abort_no_print
  SkArenaAlloc::ensureSpace
  split_edge

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=493120:493198

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4714244881514496

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.

May 10 2018

It looks like the tessellator is asking for 4GB of memory, and the allocator can add the extra bytes to manage the block.

May 29 2018

The following revision refers to this bug:
https://skia.googlesource.com/skia/+/bfb2a05af105f452a0f369e39dae05f9224dfa19

commit bfb2a05af105f452a0f369e39dae05f9224dfa19
Author: Stephen White <senorblanco@chromium.org>
Date: Tue May 29 17:10:16 2018

GrTessellator: fix for ping-pong split fuzzer hang.

Change 3b5a3fa8b1c11d4bd4499b040311f4c3553ebf8c introduced support for splitting on out-of-range intersections. However, this is only necessary for correctness when the edge is nearly-flat (the top and bottom points only differ by 1/2 machine epsilon in the primary sort criterion). In other cases, it can cause repeated splitting and re-merging of edges, as the intersection code (being approximate and not exact) may produce a ping-pong set of intersections.

The fix is to support out-of-range intersections only if they differ by 1/2 machine epsilon. This also generalizes the out_of_range_and_collinear() check, so it was removed.

Bug: 838978
Change-Id: I134f7eff3f15707e0d68de11c55f7fadce4ff8e7
Reviewed-on: https://skia-review.googlesource.com/130448
Reviewed-by: Robert Phillips <robertphillips@google.com>
Commit-Queue: Stephen White <senorblanco@chromium.org>

[modify] https://crrev.com/bfb2a05af105f452a0f369e39dae05f9224dfa19/tests/TessellatingPathRendererTests.cpp
[modify] https://crrev.com/bfb2a05af105f452a0f369e39dae05f9224dfa19/src/gpu/GrTessellator.cpp

May 29 2018

The following revision refers to this bug:
https://skia.googlesource.com/skia/+/bfe959872ec7895d4aa6878a9fe189c37dffc99f

commit bfe959872ec7895d4aa6878a9fe189c37dffc99f
Author: Ravi Mistry <rmistry@google.com>
Date: Tue May 29 18:19:17 2018

Revert "GrTessellator: fix for ping-pong split fuzzer hang."

This reverts commit bfb2a05af105f452a0f369e39dae05f9224dfa19.

Reason for revert: Seems to cause failures in chromeos and chromecast test bots. eg:
https://chromium-swarm.appspot.com/task?id=3dc5be8269e3b410&refresh=10
https://chromium-swarm.appspot.com/task?id=3dc5d62dfdc99010&refresh=10

Original change's description:
> GrTessellator: fix for ping-pong split fuzzer hang.
>
> Change 3b5a3fa8b1c11d4bd4499b040311f4c3553ebf8c introduced support for
> splitting on out-of-range intersections. However, this is only necessary
> for correctness when the edge is nearly-flat (the top and bottom
> points only differ by 1/2 machine epsilon in the primary sort criterion).
> In other cases, it can cause repeated splitting and re-merging of edges,
> as the intersection code (being approximate and not exact) may produce a
> ping-pong set of intersections.
>
> The fix is to support out-of-range intersections only if they differ by
> 1/2 machine epsilon. This also generalizes the
> out_of_range_and_collinear() check, so it was removed.
>
> Bug: 838978
> Change-Id: I134f7eff3f15707e0d68de11c55f7fadce4ff8e7
> Reviewed-on: https://skia-review.googlesource.com/130448
> Reviewed-by: Robert Phillips <robertphillips@google.com>
> Commit-Queue: Stephen White <senorblanco@chromium.org>

TBR=robertphillips@google.com,senorblanco@chromium.org

Change-Id: I3fa62423d3875665397adcecb94b467b9b6611cc
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: 838978
Reviewed-on: https://skia-review.googlesource.com/130522
Reviewed-by: Ravi Mistry <rmistry@google.com>
Commit-Queue: Ravi Mistry <rmistry@google.com>

[modify] https://crrev.com/bfe959872ec7895d4aa6878a9fe189c37dffc99f/tests/TessellatingPathRendererTests.cpp
[modify] https://crrev.com/bfe959872ec7895d4aa6878a9fe189c37dffc99f/src/gpu/GrTessellator.cpp

May 29 2018

The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/98fbdc4bd6518cc02195809f95b27c524036b4d3

commit 98fbdc4bd6518cc02195809f95b27c524036b4d3
Author: skia-chromium-autoroll <skia-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Date: Tue May 29 19:00:43 2018

Roll src/third_party/skia 1d1edc1..bfb2a05 (9 commits)

https://skia.googlesource.com/skia.git/+log/1d1edc1..bfb2a05

git log 1d1edc1..bfb2a05 --date=short --no-merges --format='%ad %ae %s'
2018-05-29 senorblanco@chromium.org GrTessellator: fix for ping-pong split fuzzer hang.
2018-05-29 bsalomon@google.com Revert "Make GrTextureOp disable coverage AA when rect falls on integers."
2018-05-25 mtklein@chromium.org wouldn't it be nice?
2018-05-29 brianosman@google.com Added drawAtlas support to SkDebugCanvas
2018-05-29 angle-skia-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com Roll third_party/externals/angle2 bcf467f..1e91374 (1 commits)
2018-05-29 fmalita@chromium.org Clean up modules/skottie/BUILD.gn
2018-05-29 swiftshader-skia-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com Roll third_party/externals/swiftshader 9d93107..4b74373 (3 commits)
2018-05-25 bsalomon@google.com Make GrTextureOp disable coverage AA when rect falls on integers.
2018-05-29 kjlubick@google.com Fix fuzz+Skottie integration

Created with:
  gclient setdep -r src/third_party/skia@bfb2a05

The AutoRoll server is located here: https://autoroll.skia.org

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, please contact the current sheriff, who should be CC'd on the roll, and stop the roller if necessary.

CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel;luci.chromium.try:android_optional_gpu_tests_rel;luci.chromium.try:linux_optional_gpu_tests_rel;luci.chromium.try:mac_optional_gpu_tests_rel;luci.chromium.try:win_optional_gpu_tests_rel
BUG= chromium:838978
TBR=rmistry@chromium.org

Change-Id: I44038547b25fa9aa0d3bbe7e0eaea219260a9149
Reviewed-on: https://chromium-review.googlesource.com/1076686
Reviewed-by: skia-chromium-autoroll <skia-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Commit-Queue: skia-chromium-autoroll <skia-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#562532}

[modify] https://crrev.com/98fbdc4bd6518cc02195809f95b27c524036b4d3/DEPS

May 29 2018

The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/69d57142b87fd016ebc1312d02fb38be9f10c0ff

commit 69d57142b87fd016ebc1312d02fb38be9f10c0ff
Author: skia-chromium-autoroll <skia-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Date: Tue May 29 22:31:29 2018

Roll src/third_party/skia bfb2a05..8363be1 (7 commits)

https://skia.googlesource.com/skia.git/+log/bfb2a05..8363be1

git log bfb2a05..8363be1 --date=short --no-merges --format='%ad %ae %s'
2018-05-29 brianosman@google.com SkDrawCommand cleanup
2018-05-29 mtklein@chromium.org remove bit, srgbnl config in DM
2018-05-29 fmalita@chromium.org [skottie] Animation::animationTick() -> Animation::seek()
2018-05-29 csmartdalton@google.com Update MoltenVK to 43130ab27a8b2e9eaf9e28b70b64f14b20c3b7bb
2018-05-29 jcgregorio@google.com [fiddle] Init gpu using the GLTestContext.
2018-05-29 rmistry@google.com Revert "GrTessellator: fix for ping-pong split fuzzer hang."
2018-05-24 herb@google.com Rename GrAtlasTextBlob -> GrTextBlob

Created with:
  gclient setdep -r src/third_party/skia@8363be1

The AutoRoll server is located here: https://autoroll.skia.org

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, please contact the current sheriff, who should be CC'd on the roll, and stop the roller if necessary.

CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel;luci.chromium.try:android_optional_gpu_tests_rel;luci.chromium.try:linux_optional_gpu_tests_rel;luci.chromium.try:mac_optional_gpu_tests_rel;luci.chromium.try:win_optional_gpu_tests_rel
BUG= chromium:838978
TBR=rmistry@chromium.org

Change-Id: I31f52dae6e222204175b9c6b48e649c4e8421821
Reviewed-on: https://chromium-review.googlesource.com/1077088
Commit-Queue: skia-chromium-autoroll <skia-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Reviewed-by: skia-chromium-autoroll <skia-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#562635}

[modify] https://crrev.com/69d57142b87fd016ebc1312d02fb38be9f10c0ff/DEPS

May 31 2018

The following revision refers to this bug:
https://skia.googlesource.com/skia/+/53a0298de3de8f7b2f2299675b91ae293724d37d

commit 53a0298de3de8f7b2f2299675b91ae293724d37d
Author: Stephen White <senorblanco@chromium.org>
Date: Thu May 31 10:48:06 2018

GrTessellator: fix for ping-pong split fuzzer hang.

When support for out-of-range intersections was added in 3b5a3fa8b1c11d4bd4499b040311f4c3553ebf8c, it was intended to support splitting edges that are almost flat, where merging with the top or bottom vertex would cause visual artifacts. However, it triggers too often for other, non-nearly-flat cases, causing simplify() to loop infinitely.

The fix is to support out-of-range intersections only if they differ by 1/2 machine epsilon. This also generalizes the out_of_range_and_collinear() check, so it was removed.

Bug: 838978
Change-Id: I238f2b90e4b7ad647ecf072427ee38726e549581
Reviewed-on: https://skia-review.googlesource.com/130458
Reviewed-by: Stephen White <senorblanco@chromium.org>

[modify] https://crrev.com/53a0298de3de8f7b2f2299675b91ae293724d37d/tests/TessellatingPathRendererTests.cpp
[modify] https://crrev.com/53a0298de3de8f7b2f2299675b91ae293724d37d/src/gpu/GrTessellator.cpp

Jun 1 2018

ClusterFuzz has detected this issue as fixed in range 563253:563267.

Detailed report: https://clusterfuzz.com/testcase?key=4714244881514496

Fuzzer: inferno_canvas_wrecker
Job Type: mac_asan_chrome
Platform Id: mac
Crash Type: Abrt
Crash Address: 0x7fff96c20f06
Crash State:
  sk_abort_no_print
  SkArenaAlloc::ensureSpace
  split_edge

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=493120:493198
Fixed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=563253:563267

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4714244881514496

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Jun 1 2018

ClusterFuzz testcase 4714244881514496 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Comment 1 by ClusterFuzz, May 2 2018
Labels: Test-Predator-Auto-Components