Out-of-memory in paint_op_buffer_eq_fuzzer
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5720332499156992
Fuzzer: libFuzzer_paint_op_buffer_eq_fuzzer
Job Type: mac_libfuzzer_chrome_asan
Platform Id: mac
Crash Type: Out-of-memory (exceeds 2048 MB)
Crash Address:
Crash State: paint_op_buffer_eq_fuzzer
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=mac_libfuzzer_chrome_asan&range=596756:596813
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5720332499156992

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Nov 19
Predator has provided 14 possible suspects:

1. [AF] Save is_client_validity_states_updated by parastoog@google.com
2. remove deprecated SkBitmap::eraseRGB() by mtklein@google.com
3. remove deprecated SkWriter32::size() by mtklein@google.com
4. Roll third_party/externals/angle2 1395134c3438..5541a6c86a64 (1 commits) by skia-autoroll@skia-public.iam.gserviceaccount.com
5. remove deprecated SkMatrix44::map() 2x by mtklein@google.com
6. Reland "Reland "Implement an explicit binary search-based analytic gradient colorizer"" by michaelludwig@google.com
7. Update go_deps asset by skia-recreate-skps@skia-swarming-bots.iam.gserviceaccount.com
8. remove internal uses of SkColorSpace::toXYZD50() by mtklein@google.com
9. Update YUV GM by robertphillips@google.com
10. Make SkYUVAIndex publicly accessible by robertphillips@google.com
11. hash tf, and whole colorspace by mtklein@google.com
12. ccpr: Unblacklist Sandy Bridge/Bay Trail on Mesa by csmartdalton@google.com
13. Add SkPMColor4f support to SkSL by brianosman@google.com
14. re-precate SkMatrix44::SkMatrix44() by mtklein@google.com

Unable to find the possible suspects, hence adding CF-NeedsTriage label.
Nov 19
enne@, do you have any inputs here?
Nov 20
This is crashing because of an allocation of ~2^31 on this line: https://cs.chromium.org/chromium/src/third_party/skia/src/codec/SkIcoCodec.cpp?q=skico&sq=package:chromium&g=0&l=133 I think this is benign. Because this is reading from an SkStream, there's not really a way to know for sure if the stream contains enough for that allocation. So, I think the right thing to do is to lean on malloc to fail there.
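The comment above describes the general hazard behind this report: a decoder sizes a buffer from dimensions it read out of an untrusted stream and cannot know up front whether the stream actually carries that much data. The block below is an added illustration, not Skia's SkIcoCodec code, of the approach the comment recommends: compute the size with overflow checks, hand it to a fallible malloc, and treat a nullptr as a decode failure rather than a crash. The header layout (three little-endian u32 fields), the function names and the 256 MiB kMaxBytes cap are assumptions made for this example; the cap is an extra policy check that a production codec may or may not want.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <memory>

// Added example (not Skia's code). Hypothetical header: little-endian
// u32 width, u32 height, u32 bytesPerPixel, taken straight from the input.
struct ImageHeader { uint32_t width, height, bytesPerPixel; };

struct FreeDeleter { void operator()(void* p) const { std::free(p); } };
using MallocPtr = std::unique_ptr<uint8_t, FreeDeleter>;

enum class AllocResult { kOk, kBadHeader, kSizeOverflow, kTooLarge, kOutOfMemory };

// Policy cap on a single pixel buffer; an assumption for illustration only.
static const uint64_t kMaxBytes = uint64_t(256) << 20;

static uint32_t readLE32(const uint8_t* p) {
    return uint32_t(p[0]) | (uint32_t(p[1]) << 8) | (uint32_t(p[2]) << 16) | (uint32_t(p[3]) << 24);
}

// Parses the 12-byte header; rejects short input and zero/absurd fields.
bool parseHeader(const uint8_t* data, size_t len, ImageHeader* out) {
    if (len < 12) return false;
    out->width = readLE32(data);
    out->height = readLE32(data + 4);
    out->bytesPerPixel = readLE32(data + 8);
    return out->width != 0 && out->height != 0 &&
           out->bytesPerPixel != 0 && out->bytesPerPixel <= 16;
}

// Sizes the buffer without silently wrapping: width*bytesPerPixel cannot
// overflow 64 bits (both operands < 2^32), the multiply by height is checked.
AllocResult computeBufferSize(const ImageHeader& h, size_t* outBytes) {
    uint64_t rowBytes = uint64_t(h.width) * h.bytesPerPixel;
    if (rowBytes > UINT64_MAX / h.height) return AllocResult::kSizeOverflow;
    uint64_t total = rowBytes * h.height;
    if (total > SIZE_MAX || total > kMaxBytes) return AllocResult::kTooLarge;
    *outBytes = size_t(total);
    return AllocResult::kOk;
}

// Full path: parse, size, then allocate with plain malloc and report a
// nullptr as kOutOfMemory instead of aborting.
AllocResult allocatePixels(const uint8_t* data, size_t len, MallocPtr* out, size_t* outBytes) {
    ImageHeader h;
    if (!parseHeader(data, len, &h)) return AllocResult::kBadHeader;
    AllocResult r = computeBufferSize(h, outBytes);
    if (r != AllocResult::kOk) return r;
    void* p = std::malloc(*outBytes);
    if (!p) return AllocResult::kOutOfMemory;
    out->reset(static_cast<uint8_t*>(p));
    return AllocResult::kOk;
}

// Constructs a header byte string for testing (constructed sample input).
std::array<uint8_t, 12> makeHeader(uint32_t w, uint32_t h, uint32_t bpp) {
    std::array<uint8_t, 12> b{};
    uint32_t v[3] = {w, h, bpp};
    for (int i = 0; i < 3; ++i)
        for (int k = 0; k < 4; ++k) b[4 * i + k] = uint8_t(v[i] >> (8 * k));
    return b;
}
```

One caveat for anyone reproducing under libFuzzer: its malloc limit (by default tied to -rss_limit_mb) reports a single oversized malloc as an out-of-memory crash rather than letting it return nullptr, so "lean on malloc to fail" alone does not silence the fuzzer report; a size cap like kMaxBytes above, or any other bound derived from the container format, does.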
Nov 20
Nov 21
ClusterFuzz has detected this issue as fixed in range 607626:609696.

Detailed report: https://clusterfuzz.com/testcase?key=5720332499156992
Fuzzer: libFuzzer_paint_op_buffer_eq_fuzzer
Job Type: mac_libfuzzer_chrome_asan
Platform Id: mac
Crash Type: Out-of-memory (exceeds 2048 MB)
Crash Address:
Crash State: paint_op_buffer_eq_fuzzer
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=mac_libfuzzer_chrome_asan&range=596756:596813
Fixed: https://clusterfuzz.com/revisions?job=mac_libfuzzer_chrome_asan&range=607626:609696
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5720332499156992

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 1 by ClusterFuzz, Nov 19
Labels: ClusterFuzz-Auto-CC