New issue
Advanced search Search tips

Issue 861581 link

Starred by 1 user

Issue metadata

Status: Verified
Owner:
Closed: Oct 18
Cc:
Components:
EstimatedDays: ----
NextAction: 2018-07-23
OS: Linux
Pri: 1
Type: Bug



Sign in to add a comment

Bus in blink::ImageFrameGenerator::DecodeAndScale

Project Member Reported by ClusterFuzz, Jul 8

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4908240278913024

Fuzzer: inferno_sampler
Job Type: linux_asan_chrome_media
Platform Id: linux

Crash Type: Bus
Crash Address: 0x7f8623607ff0
Crash State:
  blink::ImageFrameGenerator::DecodeAndScale
  blink::DecodingImageGenerator::GetPixels
  cc::PaintImage::DecodeFromGenerator
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_media&range=330946:332118

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4908240278913024

Additional requirements: Requires Gestures

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
 
Project Member

Comment 1 by ClusterFuzz, Jul 8

Components: Blink>Paint Internals>Compositing
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Project Member

Comment 2 by ClusterFuzz, Jul 8

Cc: loyso@chromium.org jochen@chromium.org skyos...@chromium.org
Labels: Test-Predator-Auto-CC
Automatically adding ccs based on suspected regression changelists:

Collect separate V8 histograms for Inbox by jochen@chromium.org - https://chromium.googlesource.com/chromium/src/+/2148d82f6d4eee8c19f82302ee8b057b9f233cd6

CC: Plumb LayerSettings parameter for cc::Layer construction. by loyso@chromium.org - https://chromium.googlesource.com/chromium/src/+/a6edaaff54e9b948c64a896edff992c04e63205d

content/renderer: Remove use of MessageLoopProxy and deprecated MessageLoop APIs by skyostil@chromium.org - https://chromium.googlesource.com/chromium/src/+/2d3b5bd3338ffe8ceb6a9691fb7cd2a6388aba8a

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label.
Cc: -jochen@chromium.org -loyso@chromium.org -skyos...@chromium.org
Labels: Needs-Feedback
NextAction: 2018-07-23
I cannot load the test case. Has it been deleted or something?

I have no idea who to CC, so I'll mark it as needing feedback and try again in a couple of weeks.
Cc: kkaluri@chromium.org
Labels: Test-Predator-Wrong-CLs M-68
Owner: zakerinasab@chromium.org
Status: Assigned (was: Untriaged)
Predator and CL could not provide any possible suspects.

Using Code Search for the file, " image_frame_generator.cc" suspecting the below Cl might have caused this issue

Suspect CL: https://chromium.googlesource.com/chromium/src/+/2cb54ea64b0d374bacc4a5be3e10d0c63a16870c

zakerinasab@ -- Could you please look into this issue.

Thanks!
The NextAction date has arrived: 2018-07-23
Cc: zakerinasab@chromium.org
Owner: ----
Status: Available (was: Assigned)
That CL does not change any behavior. It just plumbs an enum.
Components: -Blink>Paint
Labels: -Needs-Feedback
Test case is available again. Looks like the bad data is coming out of CC, so labeling that way.
Cc: -zakerinasab@chromium.org
Owner: khushals...@chromium.org
Status: Assigned (was: Available)
Project Member

Comment 10 by ClusterFuzz, Oct 18

ClusterFuzz has detected this issue as fixed in range 600661:600679.

Detailed report: https://clusterfuzz.com/testcase?key=4908240278913024

Fuzzer: inferno_sampler
Job Type: linux_asan_chrome_media
Platform Id: linux

Crash Type: Bus
Crash Address: 0x7f8623607ff0
Crash State:
  blink::ImageFrameGenerator::DecodeAndScale
  blink::DecodingImageGenerator::GetPixels
  cc::PaintImage::DecodeFromGenerator
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_media&range=330946:332118
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_media&range=600661:600679

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4908240278913024

Additional requirements: Requires Gestures

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 11 by ClusterFuzz, Oct 18

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 4908240278913024 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Sign in to add a comment