Stack-overflow in merge_collinear_edges |
|||||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=6719843324395520 Fuzzer: inferno_canvas_wrecker Job Type: mac_asan_chrome Platform Id: mac Crash Type: Stack-overflow Crash Address: 0x7fff5e981f88 Crash State: merge_collinear_edges Sanitizer: address (ASAN) Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6719843324395520 Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
,
Jun 16 2018
,
Jun 23 2018
,
Jun 26 2018
Reduced Skia test case which exhibits the issue. Note: is not affected by disabling the "nearly_flat()" exception.
,
Jun 28 2018
,
Jun 28 2018
The following revision refers to this bug: https://skia.googlesource.com/skia/+/3de40f8bee6db21e61ccabcb3f7130796c017a06 commit 3de40f8bee6db21e61ccabcb3f7130796c017a06 Author: Stephen White <senorblanco@chromium.org> Date: Thu Jun 28 14:07:47 2018 GrTessellator: handle collinear final vertex. If the last vertex in a contour is collinear with its neighbours, remove it (this edge case was missing). Otherwise, the simplify step may try to split it indefinitely. Bug: 851409 Change-Id: I7efa4e616cdc1508a73c7a9f3de9d3f571569af8 Reviewed-on: https://skia-review.googlesource.com/138106 Reviewed-by: Robert Phillips <robertphillips@google.com> Commit-Queue: Stephen White <senorblanco@chromium.org> [modify] https://crrev.com/3de40f8bee6db21e61ccabcb3f7130796c017a06/tests/TessellatingPathRendererTests.cpp [modify] https://crrev.com/3de40f8bee6db21e61ccabcb3f7130796c017a06/src/gpu/GrTessellator.cpp
,
Jun 28 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/e6c92b0b567936853f0fa76d1f28ae08683528f2 commit e6c92b0b567936853f0fa76d1f28ae08683528f2 Author: skia-chromium-autoroll <skia-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com> Date: Thu Jun 28 17:02:00 2018 Roll src/third_party/skia 385804514edf..fcb04d853ec4 (4 commits) https://skia.googlesource.com/skia.git/+log/385804514edf..fcb04d853ec4 git log 385804514edf..fcb04d853ec4 --date=short --no-merges --format='%ad %ae %s' 2018-06-28 angle-skia-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com Roll third_party/externals/angle2 26581113047a..a26de2500503 (2 commits) 2018-06-28 senorblanco@chromium.org GrTessellator: handle collinear final vertex. 2018-06-28 caryclark@skia.org fix doc catalog 2018-06-28 brianosman@google.com Revert "Revert "Temporary fix for SkImage_Lazy handling of color spaces"" Created with: gclient setdep -r src/third_party/skia@fcb04d853ec4 The AutoRoll server is located here: https://autoroll.skia.org Documentation for the AutoRoller is here: https://skia.googlesource.com/buildbot/+/master/autoroll/README.md If the roll is causing failures, please contact the current sheriff, who should be CC'd on the roll, and stop the roller if necessary. CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel;luci.chromium.try:android_optional_gpu_tests_rel;luci.chromium.try:linux_optional_gpu_tests_rel;luci.chromium.try:mac_optional_gpu_tests_rel;luci.chromium.try:win_optional_gpu_tests_rel BUG= chromium:851409 TBR=jcgregorio@chromium.org Change-Id: Id3edcb82a300a5a5a2eadb463682fb24b7ba1fb7 Reviewed-on: https://chromium-review.googlesource.com/1118505 Reviewed-by: skia-chromium-autoroll <skia-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com> Commit-Queue: skia-chromium-autoroll <skia-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#571164} [modify] https://crrev.com/e6c92b0b567936853f0fa76d1f28ae08683528f2/DEPS
,
Jun 29 2018
The following revision refers to this bug: https://skia.googlesource.com/skia/+/26bb0e66f28c41cb1e8e39f00d848997fd33d97c commit 26bb0e66f28c41cb1e8e39f00d848997fd33d97c Author: Stephen White <senorblanco@chromium.org> Date: Fri Jun 29 18:02:27 2018 GrTessellator: handle three consecutive collinear edges. In some cases, splitting may produce three consecutive edges which are collinear. The first one was being merged out, causing the third one to be missed. The fix is to switch the arguments to merge_edges_*, ensuring that the second parameter (the destination edge) is never merged out. Bug: 851409 . Change-Id: I70fbbc506e97a26b259c1443b6d1787adec0f9b0 Reviewed-on: https://skia-review.googlesource.com/138561 Reviewed-by: Robert Phillips <robertphillips@google.com> Commit-Queue: Stephen White <senorblanco@chromium.org> [modify] https://crrev.com/26bb0e66f28c41cb1e8e39f00d848997fd33d97c/tests/TessellatingPathRendererTests.cpp [modify] https://crrev.com/26bb0e66f28c41cb1e8e39f00d848997fd33d97c/src/gpu/GrTessellator.cpp
,
Jun 29 2018
The following revision refers to this bug: https://skia.googlesource.com/skia/+/a898f04e68536b56ad18523c0ee2cc6eade3efe9 commit a898f04e68536b56ad18523c0ee2cc6eade3efe9 Author: Mike Klein <mtklein@google.com> Date: Fri Jun 29 18:26:18 2018 Revert "GrTessellator: handle three consecutive collinear edges." This reverts commit 26bb0e66f28c41cb1e8e39f00d848997fd33d97c. Reason for revert: segfaulty Here's a log with a stacktrace: https://chromium-swarm.appspot.com/task?id=3e658f7aa40dbb10&refresh=10 Original change's description: > GrTessellator: handle three consecutive collinear edges. > > In some cases, splitting may produce three consecutive edges which > are collinear. The first one was being merged out, causing the third > one to be missed. > > The fix is to switch the arguments to merge_edges_*, ensuring that the > second parameter (the destination edge) is never merged out. > > Bug: 851409 . > Change-Id: I70fbbc506e97a26b259c1443b6d1787adec0f9b0 > Reviewed-on: https://skia-review.googlesource.com/138561 > Reviewed-by: Robert Phillips <robertphillips@google.com> > Commit-Queue: Stephen White <senorblanco@chromium.org> TBR=robertphillips@google.com,senorblanco@chromium.org Change-Id: I6ecfb4c487d6f96e9fae7b8b40d74162354ed57c No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: 851409 . Reviewed-on: https://skia-review.googlesource.com/138640 Reviewed-by: Mike Klein <mtklein@google.com> Commit-Queue: Mike Klein <mtklein@google.com> [modify] https://crrev.com/a898f04e68536b56ad18523c0ee2cc6eade3efe9/tests/TessellatingPathRendererTests.cpp [modify] https://crrev.com/a898f04e68536b56ad18523c0ee2cc6eade3efe9/src/gpu/GrTessellator.cpp
,
Jun 29 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/0c959ef0798e05a070a0bbf30e0de291505373d9 commit 0c959ef0798e05a070a0bbf30e0de291505373d9 Author: skia-chromium-autoroll <skia-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com> Date: Fri Jun 29 21:13:10 2018 Roll src/third_party/skia c91fe3ab1c5d..184d408b646b (10 commits) https://skia.googlesource.com/skia.git/+log/c91fe3ab1c5d..184d408b646b git log c91fe3ab1c5d..184d408b646b --date=short --no-merges --format='%ad %ae %s' 2018-06-29 recipe-roller@chromium.org Roll recipe dependencies (trivial). 2018-06-29 ruiqimao@google.com skeletal animation support added to API and software backend 2018-06-29 mtklein@chromium.org update and skip accepts check in lexers 2018-06-29 brianosman@google.com Update ImGui to v1.62 (June 22, 2018) 2018-06-29 recipe-roller@chromium.org Roll recipe dependencies (trivial). 2018-06-29 mtklein@google.com Revert "GrTessellator: handle three consecutive collinear edges." 2018-06-29 enne@chromium.org Fix chrome memory dump crashes using out of process strike caches 2018-06-29 senorblanco@chromium.org GrTessellator: handle three consecutive collinear edges. 2018-06-29 fmalita@chromium.org [skottie] Fix 'subtract' masks 2018-06-29 recipe-roller@chromium.org Roll recipe dependencies (trivial). Created with: gclient setdep -r src/third_party/skia@184d408b646b The AutoRoll server is located here: https://autoroll.skia.org Documentation for the AutoRoller is here: https://skia.googlesource.com/buildbot/+/master/autoroll/README.md If the roll is causing failures, please contact the current sheriff, who should be CC'd on the roll, and stop the roller if necessary. CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel;luci.chromium.try:android_optional_gpu_tests_rel;luci.chromium.try:linux_optional_gpu_tests_rel;luci.chromium.try:mac_optional_gpu_tests_rel;luci.chromium.try:win_optional_gpu_tests_rel BUG= chromium:851409 .,chromium:851409. TBR=jcgregorio@chromium.org Change-Id: I6c4ed70c86826c5e2077314c243d352d238a02bb Reviewed-on: https://chromium-review.googlesource.com/1121049 Reviewed-by: skia-chromium-autoroll <skia-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com> Commit-Queue: skia-chromium-autoroll <skia-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#571629} [modify] https://crrev.com/0c959ef0798e05a070a0bbf30e0de291505373d9/DEPS
,
Jul 2
The following revision refers to this bug: https://skia.googlesource.com/skia/+/24289e05d55ccdc04ef239c7972d2b52e402ad0f commit 24289e05d55ccdc04ef239c7972d2b52e402ad0f Author: Stephen White <senorblanco@chromium.org> Date: Mon Jul 02 21:03:43 2018 GrTessellator: handle three consecutive collinear edges. In some cases, splitting may produce three consecutive edges which are collinear. The first one was being merged out, causing the third one to be missed. The fix is to switch the arguments to merge_edges_*, ensuring that the second parameter (the destination edge) is never merged out. Bug: 851409 Change-Id: I65be2e8222846c99f7bc8d17ea61ddead617cc31 Reviewed-on: https://skia-review.googlesource.com/138700 Reviewed-by: Robert Phillips <robertphillips@google.com> Commit-Queue: Stephen White <senorblanco@chromium.org> [modify] https://crrev.com/24289e05d55ccdc04ef239c7972d2b52e402ad0f/tests/TessellatingPathRendererTests.cpp [modify] https://crrev.com/24289e05d55ccdc04ef239c7972d2b52e402ad0f/src/gpu/GrTessellator.cpp
,
Jul 2
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/f357cd72beb4b22fc5da8e2ebb2bd9f531cbf8df commit f357cd72beb4b22fc5da8e2ebb2bd9f531cbf8df Author: skia-chromium-autoroll <skia-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com> Date: Mon Jul 02 23:55:59 2018 Roll src/third_party/skia 5155d38fdcd4..ef21d7e47963 (7 commits) https://skia.googlesource.com/skia.git/+log/5155d38fdcd4..ef21d7e47963 git log 5155d38fdcd4..ef21d7e47963 --date=short --no-merges --format='%ad %ae %s' 2018-07-02 timliang@google.com implement onreadpixels for metal gpu backend 2018-07-02 senorblanco@chromium.org GrTessellator: handle three consecutive collinear edges. 2018-07-02 timliang@google.com implemented wrapped backend texture/rendertarget/textureRT for Metal gpu backend 2018-07-02 halcanary@google.com Simplify GrGLInterface::abandon 2018-07-02 skcms-skia-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com Roll skia/third_party/skcms 0977edc92270..9d19e2abf000 (4 commits) 2018-07-02 brianosman@google.com Remove sRGB config checks based on color space 2018-07-02 skcms-skia-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com Roll skia/third_party/skcms 99b01c076f47..0977edc92270 (1 commits) Created with: gclient setdep -r src/third_party/skia@ef21d7e47963 The AutoRoll server is located here: https://autoroll.skia.org Documentation for the AutoRoller is here: https://skia.googlesource.com/buildbot/+/master/autoroll/README.md If the roll is causing failures, please contact the current sheriff, who should be CC'd on the roll, and stop the roller if necessary. CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel;luci.chromium.try:android_optional_gpu_tests_rel;luci.chromium.try:linux_optional_gpu_tests_rel;luci.chromium.try:mac_optional_gpu_tests_rel;luci.chromium.try:win_optional_gpu_tests_rel BUG= chromium:851409 TBR=ethannicholas@chromium.org Change-Id: Ib1d63293fa9961e041a34f0bad7b4f031e34689c Reviewed-on: https://chromium-review.googlesource.com/1123279 Reviewed-by: skia-chromium-autoroll <skia-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com> Commit-Queue: skia-chromium-autoroll <skia-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#572050} [modify] https://crrev.com/f357cd72beb4b22fc5da8e2ebb2bd9f531cbf8df/DEPS
,
Jul 3
ClusterFuzz has detected this issue as fixed in range 572046:572051. Detailed report: https://clusterfuzz.com/testcase?key=6719843324395520 Fuzzer: inferno_canvas_wrecker Job Type: mac_asan_chrome Platform Id: mac Crash Type: Stack-overflow Crash Address: 0x7fff5e981f88 Crash State: merge_collinear_edges Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=565886:565888 Fixed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=572046:572051 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6719843324395520 See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Jul 3
ClusterFuzz testcase 6719843324395520 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue. |
|||||||||
►
Sign in to add a comment |
|||||||||
Comment 1 by brajkumar@chromium.org
, Jun 13 2018Components: Internals>Skia
Labels: M-69 Test-Predator-Wrong
Owner: senorblanco@chromium.org
Status: Assigned (was: Untriaged)