SkAsserts in SkTileImageFilter::onImageFilter
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5075598712766464

Fuzzer: libFuzzer_paint_op_buffer_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: Abrt
Crash Address: 0x053900001589
Crash State:
  sk_abort_no_print
  SkTileImageFilter::onFilterImage
  SkTileImageFilter::onFilterImage

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=555638:555648

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5075598712766464

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Jun 2 2018
Automatically adding ccs based on OWNERS file / target commit history. If this is incorrect, please add ClusterFuzz-Wrong label.
Jun 5 2018
bsalomon: sending this to you for triage.

Looking at the code, I don't think anything malicious happens if these asserts don't fire (commenting them out doesn't cause any complaints other than just probably incorrectness). It seems like potentially a real bug, or a bad assert.

It's hitting this assert:
https://skia.googlesource.com/skia/+/fd6a52cc84364208f65f1ee52644192d6855ab0e/src/effects/SkTileImageFilter.cpp#100

It's going down the subset = input->asImage(&srcIRect) path, which is surprising that then subset->width() != srcIRect.width(). It looks like subset is 16x16 and srcIRect is {fLeft = 0, fTop = 0, fRight = 4, fBottom = 2}.
Jun 5 2018
CC'ing Rob as he is the person most likely to have insight here and assigning Greg (Skia GPU Wrangler).
Jun 5 2018
Passing to Rob
Jun 13 2018
The following revision refers to this bug:
  https://skia.googlesource.com/skia/+/db3b979ba18e11052c4f88856dacc0bb7799525a

commit db3b979ba18e11052c4f88856dacc0bb7799525a
Author: Robert Phillips <robertphillips@google.com>
Date: Wed Jun 13 13:50:36 2018

Fix IsFunctionallyExact

Bug: 849034
Change-Id: Icfef534433495e5ad5ab1f3abad05957a0e70a31
Reviewed-on: https://skia-review.googlesource.com/134333
Reviewed-by: Brian Salomon <bsalomon@google.com>
Commit-Queue: Robert Phillips <robertphillips@google.com>

[modify] https://crrev.com/db3b979ba18e11052c4f88856dacc0bb7799525a/src/gpu/GrProxyProvider.cpp
[modify] https://crrev.com/db3b979ba18e11052c4f88856dacc0bb7799525a/src/core/SkSpecialImage.cpp
Jun 14 2018
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/6b91daa8df790da14d7ba894b7c769a227736653

commit 6b91daa8df790da14d7ba894b7c769a227736653
Author: skia-chromium-autoroll <skia-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Date: Thu Jun 14 04:02:00 2018

Roll src/third_party/skia fdcfb8b7c23f..657edbede4e3 (27 commits)

https://skia.googlesource.com/skia.git/+log/fdcfb8b7c23f..657edbede4e3

git log fdcfb8b7c23f..657edbede4e3 --date=short --no-merges --format='%ad %ae %s'
2018-06-13 bungeman@google.com Remove SkBool8 (again).
2018-06-13 angle-skia-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com Roll third_party/externals/angle2 3e313805e5a2..4cc753e01054 (8 commits)
2018-06-13 bungeman@google.com Adjust FreeType matrix based on what came back.
2018-06-13 csmartdalton@google.com ccpr: Initialize the atlas size more intelligently
2018-06-13 fmalita@chromium.org Handle missing json resource gracefully in 3dgm
2018-06-13 recipe-roller@chromium.org Roll recipe dependencies (trivial).
2018-06-13 benjaminwagner@google.com Update Win version in Skolo.
2018-06-13 bungeman@google.com Remove SkString fwd decl from SkTypes.h.
2018-06-13 robertphillips@google.com Revert "Add --gpuThreads support to skpbench.py"
2018-06-13 recipe-roller@chromium.org Roll recipe dependencies (trivial).
2018-06-13 mtklein@google.com Revert "simplify SkTFitsIn, try 2"
2018-06-13 mtklein@google.com Revert "use std::enable_if instead of assert()"
2018-06-13 robertphillips@google.com Add --gpuThreads support to skpbench.py
2018-06-13 robertphillips@google.com Pull non-substantive changes out of omnibus CL
2018-06-13 egdaniel@google.com Remove unused code that was used for late mip allocations.
2018-06-13 egdaniel@google.com Fix ImageTest to check if gpu mip maps are supported.
2018-06-13 caryclark@skia.org minor fixes to SkRRect
2018-06-13 khushalsagar@chromium.org fonts: Ignore re-initialization of fallback glyphs from the server.
2018-06-13 mtklein@chromium.org use std::enable_if instead of assert()
2018-06-13 mtklein@chromium.org Does everyone support __has_include() now?
2018-06-13 bungeman@google.com Remove SkMulDiv.
2018-06-13 bungeman@google.com Always FreeType autohint when requested.
2018-06-13 timliang@google.com consolidated writing fields logic and added more builtins for skslc msl backend
2018-06-13 egdaniel@google.com Allow caller to specify if the want mip maps in makeTextureImage call.
2018-06-13 angle-skia-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com Roll third_party/externals/angle2 7ce4a15115cb..3e313805e5a2 (2 commits)
2018-06-13 mtklein@chromium.org simplify SkTFitsIn, try 2
2018-06-13 robertphillips@google.com Fix IsFunctionallyExact

Created with:
  gclient setdep -r src/third_party/skia@657edbede4e3

The AutoRoll server is located here: https://autoroll.skia.org

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, please contact the current sheriff, who should be CC'd on the roll, and stop the roller if necessary.

CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel;luci.chromium.try:android_optional_gpu_tests_rel;luci.chromium.try:linux_optional_gpu_tests_rel;luci.chromium.try:mac_optional_gpu_tests_rel;luci.chromium.try:win_optional_gpu_tests_rel

BUG=chromium:829622, chromium:834837, chromium:849034
TBR=csmartdalton@chromium.org

Change-Id: If651c755d8ea6b2cf1bb3c8f84e8709e80f352a4
Reviewed-on: https://chromium-review.googlesource.com/1100316
Reviewed-by: skia-chromium-autoroll <skia-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Commit-Queue: skia-chromium-autoroll <skia-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#567125}

[modify] https://crrev.com/6b91daa8df790da14d7ba894b7c769a227736653/DEPS
Jun 14 2018
ClusterFuzz has detected this issue as fixed in range 567121:567136.

Detailed report: https://clusterfuzz.com/testcase?key=5075598712766464

Fuzzer: libFuzzer_paint_op_buffer_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: Abrt
Crash Address: 0x053900001589
Crash State:
  sk_abort_no_print
  SkTileImageFilter::onFilterImage
  SkTileImageFilter::onFilterImage

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=555638:555648
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=567121:567136

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5075598712766464

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jun 14 2018
ClusterFuzz testcase 5075598712766464 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Jun 2 2018
Labels: Test-Predator-Auto-Components