New issue
Advanced search Search tips

Issue 854110 link

Starred by 1 user
Status: WontFix
Owner:
enne@chromium.org
Closed: Jun 2018
Cc:
brianosman@google.com
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug



Sign in to add a comment

SkColorspace hash collision assert

Project Member Reported by ClusterFuzz, Jun 19 2018 
Detailed report: https://clusterfuzz.com/testcase?key=5972879511126016

Fuzzer: libFuzzer_transfer_cache_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: Abrt
Crash Address: 0x05390000767f
Crash State:
  sk_abort_no_print
  SkColorSpace::Equals
  SkColorSpace::Equals
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=541281:541296

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5972879511126016

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Project Member

Comment 1 by ClusterFuzz, Jun 19 2018

Components: Internals>Skia
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Project Member

Comment 2 by ClusterFuzz, Jun 19 2018

Labels: Test-Predator-Auto-Owner
Owner: enne@chromium.org
Status: Assigned (was: Untriaged)
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/b346beb380ac646762daa5c561d088afc12f6877 (oop: Add transfer cache deserialization fuzzer).

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.

Comment 3 by enne@chromium.org, Jun 19 2018

Cc: brianosman@google.com
Status: WontFix (was: Assigned)
Summary: SkColorspace hash collision assert (was: Abrt in sk_abort_no_print)
I think from a security perspective, I think this is not an issue.  It just means that the image will reuse the wrong color space if SkImage::makeColorSpace is called with a colorspace that has an XYZD50 hash collision.

CCing brianosman in case you wanted a case where there was such a hash collision or wanted to do anything here about such cases.

Comment 4 by brianosman@google.com, Jun 19 2018 

Thanks, enne. Agreed, this isn't dangerous.
Project Member

Comment 5 by ClusterFuzz, Jun 26 2018

Labels: Needs-Feedback
ClusterFuzz testcase 5972879511126016 is still reproducing on tip-of-tree build (trunk).

If this testcase was not reproducible locally or unworkable, ignore this notification and we will file another bug soon with hopefully a better and workable testcase.

Otherwise, if this is not intended to be fixed (e.g. this is an intentional crash), please add ClusterFuzz-Ignore label to prevent future bug filing with similar crash stacktrace.

Comment 6 by brianosman@google.com, Jun 26 2018

Labels: ClusterFuzz-Ignore
Project Member

Comment 7 by ClusterFuzz, Jul 14 

ClusterFuzz has detected this issue as fixed in range 574860:574862.

Detailed report: https://clusterfuzz.com/testcase?key=5972879511126016

Fuzzer: libFuzzer_transfer_cache_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: Abrt
Crash Address: 0x05390000767f
Crash State:
  sk_abort_no_print
  SkColorSpace::Equals
  SkColorSpace::Equals
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=541281:541296
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=574860:574862

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5972879511126016

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Sign in to add a comment