Use-of-uninitialized-value in blink::ColorSpaceUtilities::GetColorSpaceGamut
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6230167199154176

Fuzzer: noel-image-flip
Job Type: linux_msan_chrome
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  blink::ColorSpaceUtilities::GetColorSpaceGamut
  blink::BitmapImageMetrics::CountImageGammaAndGamut
  blink::ImageDecoder::DecodeFrameBufferAtIndex

Sanitizer: memory (MSAN)

Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=linux_msan_chrome&range=560792:560795

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6230167199154176

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Aug 15

Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/a1f085f591b41ab03ba139cce5141e7157da82cb (Use skcms for color management in blink's decoders).

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label.

If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Aug 16
The following revision refers to this bug:
https://skia.googlesource.com/skcms/+/b2fffd2ecf2e47ec2faf811865f9eb934be1c0e1

commit b2fffd2ecf2e47ec2faf811865f9eb934be1c0e1
Author: Brian Osman <brianosman@google.com>
Date: Thu Aug 16 12:52:59 2018

Actually support profiles with 1D and 2D CLUTs

Parse accepts these, but transform would fail unless input_channels was 3 or 4. The other option would be to fail in parse.

We're still pretty sloppy about channel counts in data (pixel formats) vs. what the profile expects. This is obviously a garbage image created by a fuzzer, but are there situations where this is useful?

Bug: chromium:874433
Change-Id: Ie9672024e5d7c6b4b6f6a856f9d1454fb53a6cbb
Reviewed-on: https://skia-review.googlesource.com/147203
Reviewed-by: Mike Klein <mtklein@google.com>
Commit-Queue: Brian Osman <brianosman@google.com>

[modify] https://crrev.com/b2fffd2ecf2e47ec2faf811865f9eb934be1c0e1/src/Transform_inl.h
[add] https://crrev.com/b2fffd2ecf2e47ec2faf811865f9eb934be1c0e1/profiles/fuzz/one_d_clut.icc
[modify] https://crrev.com/b2fffd2ecf2e47ec2faf811865f9eb934be1c0e1/skcms.cc
[add] https://crrev.com/b2fffd2ecf2e47ec2faf811865f9eb934be1c0e1/profiles/fuzz/one_d_clut.icc.txt
[modify] https://crrev.com/b2fffd2ecf2e47ec2faf811865f9eb934be1c0e1/tests.c
Aug 17

ClusterFuzz has detected this issue as fixed in range 583717:583721.

Detailed report: https://clusterfuzz.com/testcase?key=6230167199154176

Fuzzer: noel-image-flip
Job Type: linux_msan_chrome
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  blink::ColorSpaceUtilities::GetColorSpaceGamut
  blink::BitmapImageMetrics::CountImageGammaAndGamut
  blink::ImageDecoder::DecodeFrameBufferAtIndex

Sanitizer: memory (MSAN)

Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=linux_msan_chrome&range=560792:560795
Fixed: https://clusterfuzz.com/revisions?job=linux_msan_chrome&range=583717:583721

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6230167199154176

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Aug 17

ClusterFuzz testcase 6230167199154176 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Nov 23
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage

- Your friendly Sheriffbot
Comment 1 by ClusterFuzz, Aug 15
Labels: Test-Predator-Auto-Components