New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 883588 link

Starred by 1 user
Status: Fixed
Owner:
rameier@chromium.org
Last visit 15 days ago
Closed: Sep 25
Cc:
peria@chromium.org
EstimatedDays: ----
NextAction: ----
OS: Linux , Mac
Pri: 2
Type: ----



Sign in to add a comment

BrowserThemePackTest.CanBuildAndReadPack failing on multiple builders

Project Member Reported by sheriff-...@appspot.gserviceaccount.com, Sep 13

Comment 1 by peria@chromium.org, Sep 13

Labels: OS-Linux OS-Mac
Owner: rameier@chromium.org
Changes in the test file in https://chromium-review.googlesource.com/c/chromium/src/+/1182412 introduced this failure, I guess.

Ryan, could you take a look?

Comment 2 by tasak@google.com, Sep 13 

FYI: quick hack

diff --git a/ui/gfx/color_analysis.cc b/ui/gfx/color_analysis.cc
index 07c3cfbd79ce..421f629a6ebb 100644
--- a/ui/gfx/color_analysis.cc
+++ b/ui/gfx/color_analysis.cc
@@ -719,6 +719,9 @@ SkColor CalculateKMeanColorOfBitmap(const SkBitmap& bitmap,
   int pixel_count = bitmap.width() * height;
   std::unique_ptr<uint32_t[]> image(new uint32_t[pixel_count]);
   UnPreMultiply(bitmap, image.get(), pixel_count);
+  if (bitmap.height() < height)
+    memset(image.get() + bitmap.width() * bitmap.height(), 0,
+           sizeof(uint32_t) * bitmap.width() * (height - bitmap.height()));
 
   GridSampler sampler;
   return CalculateKMeanColorOfBuffer(reinterpret_cast<uint8_t*>(image.get()),


---
c.f.
[ RUN      ] BrowserThemePackTest.CanBuildAndReadPack
==3289==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x1dafd273 in color_utils::CalculateKMeanColorOfBuffer(unsigned char*, int, int, color_utils::HSL const&, color_utils::HSL const&, color_utils::KMeanImageSampler*, bool) ./../../ui/gfx/color_analysis.cc:569:13

        uint8_t a = decoded_data[pixel_pos * 4 + 3];
        // Skip fully transparent pixels as they usually contain black in their
        // RGB channels but do not contribute to the visual image.
569     if (a == 0)
          continue;

    decoded_data seems to have uninitialized-value.


    #1 0x1dafdf6c in color_utils::CalculateKMeanColorOfBitmap(SkBitmap const&, int, color_utils::HSL const&, color_utils::HSL const&, bool) ./../../ui/gfx/color_analysis.cc:724:10
    #2 0x1ccf9228 in ComputeColorFromImage ./../../chrome/browser/themes/browser_theme_pack.cc:598:27
    #3 0x1ccf9228 in BrowserThemePack::GenerateWindowControlButtonColor(std::__1::map<int, gfx::Image, std::__1::less<int>, std::__1::allocator<std::__1::pair<int const, gfx::Image> > >*) ./../../chrome/browser/themes/browser_theme_pack.cc:1414:0
    #4 0x1ccedaf8 in BrowserThemePack::BuildFromExtension(extensions::Extension const*, scoped_refptr<BrowserThemePack>) ./../../chrome/browser/themes/browser_theme_pack.cc:644:9
    #5 0x41d86fe in BrowserThemePackTest::BuildFromUnpackedExtension(base::FilePath const&, scoped_refptr<BrowserThemePack>*) ./../../chrome/browser/themes/browser_theme_pack_unittest.cc:228:3
Project Member

Comment 3 by bugdroid1@chromium.org, Sep 13 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/3202c17f63c6d9b2dcd7280b652ef089c670cd33

commit 3202c17f63c6d9b2dcd7280b652ef089c670cd33
Author: Hitoshi Yoshida <peria@chromium.org>
Date: Thu Sep 13 04:57:31 2018

Sheriff: Disable BrowserThemePackTest.CanBuildAndReadPack

This test seems failing on some trybots.

TBR=rameier

Bug:  883588 
Change-Id: I0ef0317e716a9c62292ce63731d5832f7794b943
Reviewed-on: https://chromium-review.googlesource.com/1223348
Reviewed-by: Hitoshi Yoshida <peria@chromium.org>
Commit-Queue: Hitoshi Yoshida <peria@chromium.org>
Cr-Commit-Position: refs/heads/master@{#590927}
[modify] https://crrev.com/3202c17f63c6d9b2dcd7280b652ef089c670cd33/chrome/browser/themes/browser_theme_pack_unittest.cc

Comment 4 by glider@chromium.org, Sep 17

Status: Assigned (was: Available)

Comment 5 by rameier@chromium.org, Sep 18

Status: Started (was: Assigned)
Project Member

Comment 6 by bugdroid1@chromium.org, Sep 24 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/b6fa20fa47a48b2aca167b31168f210ae92b39a5

commit b6fa20fa47a48b2aca167b31168f210ae92b39a5
Author: Ryan Meier <rameier@chromium.org>
Date: Mon Sep 24 18:12:04 2018

Prevent image color sampling from accessing unitialized values

When CalculateKMeanColorOfBitmap was called with a desired (sample) height larger than the size of the raw image to sample, it would only initialize the buffer up to the number of pixels in the image (appropriately), but this would result in the buffer containing uninitialized memory at the end.  Changed the function to clamp the input height to the height of the image.  Also simplified the control button background sampling logic in BrowserThemePack to only crop the image when sampling (instead of trying to tile it).

Bug:  883588 
Change-Id: Ief3a27d63bac7e54757c3d3c4dad47d73aa980d9
Reviewed-on: https://chromium-review.googlesource.com/1228126
Commit-Queue: Ryan Meier <rameier@chromium.org>
Reviewed-by: Peter Kasting <pkasting@chromium.org>
Reviewed-by: Michael Wasserman <msw@chromium.org>
Cr-Commit-Position: refs/heads/master@{#593599}
[modify] https://crrev.com/b6fa20fa47a48b2aca167b31168f210ae92b39a5/chrome/browser/themes/browser_theme_pack.cc
[modify] https://crrev.com/b6fa20fa47a48b2aca167b31168f210ae92b39a5/chrome/browser/themes/browser_theme_pack_unittest.cc
[modify] https://crrev.com/b6fa20fa47a48b2aca167b31168f210ae92b39a5/ui/gfx/color_analysis.cc

Comment 7 by rameier@chromium.org, Sep 25

Status: Fixed (was: Started)

Sign in to add a comment