Issue 847805

Issue metadata

Status: WontFix
Owner:
Closed: May 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug
Bus in __msan_memset

Project Member Reported by ClusterFuzz, May 30 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4876145833803776

Fuzzer: noel-image-flip
Job Type: linux_msan_chrome
Platform Id: linux

Crash Type: Bus
Crash Address: 0x7f2841a66000
Crash State:
  __msan_memset
  SkPixmap::erase
  SkBitmap::erase
  
Sanitizer: memory (MSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_msan_chrome&range=535692:535694

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4876145833803776

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
 
Cc: herb@google.com fmalita@chromium.org
Components: Internals>Skia
Labels: M-67 Test-Predator-Wrong
Owner: herb@chromium.org
Status: Assigned (was: Untriaged)
Predator and CL could not provide any possible suspects.
Using code search for the file “SkPixmap.cpp”, assigning to the concerned owner from git blame.

Suspecting Commit#
https://skia.googlesource.com/skia.git/+/78663f9dad1235e47c2fa9cfd1a9dd979d373871

@herb -- Could you please look into this issue, kindly reassign if it has nothing to do with your changes.

Also, CC'ing the reviewer of the above CL - fmalita@

Thank You.

Comment 2 by herb@google.com, May 31 2018

Cc: scro...@google.com
Owner: scroggo@chromium.org
It looks like the BMP decode produced dubious data.
Status: WontFix (was: Assigned)
The image in question is 31,232 x 16,385. At 4 bytes per pixel, that's 2,046,945,280 bytes, or approximately 2 gigs.

erase attempts to set all of those bytes to 0 in one pass.

Chromium will display this file, though it is slow to load/render.

We've seen other issues of attempting to allocate too much memory leading to failure. See issue 820889 and issue 813489.
bad.bmp
586 bytes Download
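The comment above reduces the crash to arithmetic: 31,232 x 16,385 pixels at 4 bytes each is 2,046,945,280 bytes, and a single erase over that buffer is what the sanitizer build trips on. The usual defensive measure in a decoder is to compute that size with overflow-safe arithmetic before allocating anything and to refuse images above a caller-chosen budget. The following is an added illustration written for this page, not Skia or Chromium code; `checkedPixelBytes`, `fitsBudget` and `PixelBudget` are hypothetical names, and the 256 MiB ceiling in `main` is an arbitrary constructed value.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <optional>

// Hypothetical pre-allocation budget (illustration, not Skia code).
struct PixelBudget {
    std::size_t max_bytes;  // ceiling the caller is willing to allocate
};

// Computes width * height * bytes_per_pixel without silently wrapping.
// Returns the byte count if it is representable and within budget,
// std::nullopt otherwise. Uses the GCC/Clang __builtin_mul_overflow
// intrinsic (assumption: the code is compiled with one of those).
std::optional<std::size_t> checkedPixelBytes(std::int64_t width,
                                             std::int64_t height,
                                             std::int64_t bytes_per_pixel,
                                             const PixelBudget& budget) {
    // Non-positive dimensions are malformed headers, not empty images.
    if (width <= 0 || height <= 0 || bytes_per_pixel <= 0) {
        return std::nullopt;
    }
    std::uint64_t area = 0;
    if (__builtin_mul_overflow(static_cast<std::uint64_t>(width),
                               static_cast<std::uint64_t>(height), &area)) {
        return std::nullopt;  // width * height does not fit in 64 bits
    }
    std::uint64_t bytes = 0;
    if (__builtin_mul_overflow(area,
                               static_cast<std::uint64_t>(bytes_per_pixel),
                               &bytes)) {
        return std::nullopt;  // area * bpp does not fit in 64 bits
    }
    if (bytes > budget.max_bytes) {
        return std::nullopt;  // representable, but over the budget
    }
    return static_cast<std::size_t>(bytes);
}

// Convenience wrapper: would this header pass the budget check?
bool fitsBudget(std::int64_t width, std::int64_t height,
                std::int64_t bytes_per_pixel, std::size_t max_bytes) {
    return checkedPixelBytes(width, height, bytes_per_pixel,
                             PixelBudget{max_bytes}).has_value();
}

int main() {
    // Dimensions taken from the comment above; budget is a constructed value.
    const PixelBudget budget{256u << 20};  // 256 MiB
    auto bytes = checkedPixelBytes(31232, 16385, 4, budget);
    std::cout << "31232 x 16385 x 4: "
              << (bytes ? "accepted" : "rejected (over budget or overflow)")
              << '\n';
    auto small = checkedPixelBytes(1024, 768, 4, budget);
    std::cout << "1024 x 768 x 4: "
              << (small ? std::to_string(*small) + " bytes" : "rejected")
              << '\n';
    return 0;
}
```

The two multiplications are checked separately because the area alone can exceed 64 bits for hostile headers; a single `width * height * bpp` expression in `size_t` would wrap and pass a too-small number to the allocator. The budget check then turns the page's "attempting to allocate too much memory" failure into an explicit decode error before any erase runs.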
Project Member Comment 4 by ClusterFuzz, Jun 7 2018

Labels: Needs-Feedback
ClusterFuzz testcase 4876145833803776 is still reproducing on tip-of-tree build (trunk).

If this testcase was not reproducible locally or unworkable, ignore this notification and we will file another bug soon with hopefully a better and workable testcase.

Otherwise, if this is not intended to be fixed (e.g. this is an intentional crash), please add ClusterFuzz-Ignore label to prevent future bug filing with similar crash stacktrace.
Labels: ClusterFuzz-Ignore
Cc: hcm@chromium.org scroggo@chromium.org
Issue 828006 has been merged into this issue.
Project Member Comment 7 by ClusterFuzz, Nov 1

ClusterFuzz has detected this issue as fixed in range 604477:604485.

Detailed report: https://clusterfuzz.com/testcase?key=4876145833803776

Fuzzer: noel-image-flip
Job Type: linux_msan_chrome
Platform Id: linux

Crash Type: Bus
Crash Address: 0x7f2841a66000
Crash State:
  __msan_memset
  SkPixmap::erase
  SkBitmap::erase
  
Sanitizer: memory (MSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_msan_chrome&range=535692:535694
Fixed: https://clusterfuzz.com/revisions?job=linux_msan_chrome&range=604477:604485

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4876145833803776

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.