Null-dereference READ in Edge::intersect
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5382767341469696

Fuzzer: inferno_canvas_wrecker
Job Type: linux_cfi_chrome
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  Edge::intersect
  check_for_intersection
  simplify

Sanitizer: cfi (CFI)

Regressed: https://clusterfuzz.com/revisions?job=linux_cfi_chrome&range=572044:572074

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5382767341469696

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Jul 5
Automatically assigning owner based on suspected regression changelist https://skia.googlesource.com/skia/+/24289e05d55ccdc04ef239c7972d2b52e402ad0f (GrTessellator: handle three consecutive collinear edges.). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Jul 9
Jul 13
The following revision refers to this bug:
https://skia.googlesource.com/skia/+/1c5fd18927d5a128a12d7d5fe27f08d898be1e5b

commit 1c5fd18927d5a128a12d7d5fe27f08d898be1e5b
Author: Stephen White <senorblanco@chromium.org>
Date: Fri Jul 13 03:00:24 2018

GrTessellator: missing intersection rewind fix.

Some "missing" intersections (see https://skia.googlesource.com/skia/+/89042d5f13a56d6b663657aa58f17593123a344e) cause the active edge list to go out of order. In that case, we need to rewind the active list, just as we do before edge splitting for regular intersections.

BUG= 860453

Change-Id: I1f7b32157a73b427a4fd94c14c1eb440f26c0743
Reviewed-on: https://skia-review.googlesource.com/141038
Reviewed-by: Robert Phillips <robertphillips@google.com>
Commit-Queue: Stephen White <senorblanco@chromium.org>

[modify] https://crrev.com/1c5fd18927d5a128a12d7d5fe27f08d898be1e5b/tests/TessellatingPathRendererTests.cpp
[modify] https://crrev.com/1c5fd18927d5a128a12d7d5fe27f08d898be1e5b/src/gpu/GrTessellator.cpp
Jul 13
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/e29aca033843557b84c4478218d5e4a53c9b7ada

commit e29aca033843557b84c4478218d5e4a53c9b7ada
Author: skia-chromium-autoroll <skia-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Date: Fri Jul 13 09:56:31 2018

Roll src/third_party/skia 9cdbf1942de5..ebd37e2af478 (4 commits)

https://skia.googlesource.com/skia.git/+log/9cdbf1942de5..ebd37e2af478

git log 9cdbf1942de5..ebd37e2af478 --date=short --no-merges --format='%ad %ae %s'
2018-07-13 angle-skia-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com Roll third_party/externals/angle2 1617e69e3883..523c5e3122ed (1 commits)
2018-07-13 skia-bookmaker@skia-swarming-bots.iam.gserviceaccount.com Update markdown files
2018-07-13 herb@google.com Introduce text blob processing but don't wire it up
2018-07-13 senorblanco@chromium.org GrTessellator: missing intersection rewind fix.

Created with:
  gclient setdep -r src/third_party/skia@ebd37e2af478

The AutoRoll server is located here: https://autoroll.skia.org

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, please contact the current sheriff, who should be CC'd on the roll, and stop the roller if necessary.

CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel;luci.chromium.try:android_optional_gpu_tests_rel;luci.chromium.try:linux_optional_gpu_tests_rel;luci.chromium.try:win_optional_gpu_tests_rel

BUG= chromium:860453
TBR=robertphillips@chromium.org

Change-Id: I7a9b09b5ea246091a518875be4fe8024db9a196b
Reviewed-on: https://chromium-review.googlesource.com/1135355
Reviewed-by: skia-chromium-autoroll <skia-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Commit-Queue: skia-chromium-autoroll <skia-chromium-autoroll@skia-buildbots.google.com.iam.gserviceaccount.com>
Cr-Commit-Position: refs/heads/master@{#574871}

[modify] https://crrev.com/e29aca033843557b84c4478218d5e4a53c9b7ada/DEPS
Jul 14
ClusterFuzz has detected this issue as fixed in range 574866:574879.

Detailed report: https://clusterfuzz.com/testcase?key=5382767341469696

Fuzzer: inferno_canvas_wrecker
Job Type: linux_cfi_chrome
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  Edge::intersect
  check_for_intersection
  simplify

Sanitizer: cfi (CFI)

Regressed: https://clusterfuzz.com/revisions?job=linux_cfi_chrome&range=572044:572074
Fixed: https://clusterfuzz.com/revisions?job=linux_cfi_chrome&range=574866:574879

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5382767341469696

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jul 14
ClusterFuzz testcase 5382767341469696 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Jul 5
Labels: Test-Predator-Auto-Components