Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(398)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: fuzzer/go/frontend/data/testdata/parse-asan-double.asan

Issue 1668543004: Add AddressSanitizer to fuzzer analysis (Closed) Base URL: https://skia.googlesource.com/buildbot@remove-old-tests
Patch Set: add multi threaded delete Created 4 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« fuzzer/go/common/version_watcher.go ('K') | « fuzzer/go/frontend/data/stacktrace_test.go ('k') | fuzzer/go/frontend/data/testdata/parse-asan-single.asan » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 Decoding
2 Rendering
3 =================================================================
4 ==66109==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60d00000d000 at pc 0x0000007f17a3 bp 0x7fffbad7bde0 sp 0x7fffbad7bdd8
5 READ of size 4 at 0x60d00000d000 thread T0
6 #0 0x7f17a2 in SkReader32::readInt_asan() /tmp/skia/out/Release/../../src/co re/SkReader32.h:57:25
7 #1 0x7efb0d in SkPicturePlayback::handleOp(SkReader32*, DrawType, unsigned i nt, SkCanvas*, SkMatrix const&) /tmp/skia/out/Release/../../src/core/SkPicturePl ayback.cpp:151:31
8 #2 0x7ef5ee in SkPicturePlayback::draw(SkCanvas*, SkPicture::AbortCallback*) /tmp/skia/out/Release/../../src/core/SkPicturePlayback.cpp:111:9
9 #3 0x7e63b8 in SkPicture::Forwardport(SkPictInfo const&, SkPictureData const *) /tmp/skia/out/Release/../../src/core/SkPicture.cpp:137:5
10 #4 0x7e6552 in SkPicture::CreateFromStream(SkStream*, bool (*)(void const*, unsigned long, SkBitmap*), SkTypefacePlayback*) /tmp/skia/out/Release/../../src/ core/SkPicture.cpp:154:12
11 #5 0x724933 in fuzz_skp(SkData*) /tmp/skia/out/Release/../../fuzz/fuzz.cpp:1 43:33
12 #6 0x724074 in main /tmp/skia/out/Release/../../fuzz/fuzz.cpp:54:30
13 #7 0x7fa6ece70ec4 in __libc_start_main /tmp/tmp.Htw1L27e9P/csu/libc-start.c: 287
14 #8 0x67bfcf in _start (/tmp/executables/skpicture/analyzer1/fuzz_asan_releas e+0x67bfcf)
15
16 0x60d00000d000 is located 12 bytes to the right of 132-byte region [0x60d00000cf 70,0x60d00000cff4)
17 allocated by thread T0 here:
18 #0 0x702f92 in __interceptor_malloc (/tmp/executables/skpicture/analyzer1/fu zz_asan_release+0x702f92)
19 #1 0xc04b91 in sk_malloc_flags(unsigned long, unsigned int) /tmp/skia/out/Re lease/../../src/ports/SkMemory_malloc.cpp:54:15
20 #2 0x752d1b in SkData::PrivateNewWithCopy(void const*, unsigned long) /tmp/s kia/out/Release/../../src/core/SkData.cpp:73:28
21 #3 0x7533b6 in SkData::NewFromStream(SkStream*, unsigned long) /tmp/skia/out /Release/../../src/core/SkData.cpp:188:26
22 #4 0x7ea6f1 in SkPictureData::parseStreamTag(SkStream*, unsigned int, unsign ed int, bool (*)(void const*, unsigned long, SkBitmap*), SkTypefacePlayback*) /t mp/skia/out/Release/../../src/core/SkPictureData.cpp:361:23
23 #5 0x7eb040 in SkPictureData::parseStream(SkStream*, bool (*)(void const*, u nsigned long, SkBitmap*), SkTypefacePlayback*) /tmp/skia/out/Release/../../src/c ore/SkPictureData.cpp:589:14
24 #6 0x7eaf7d in SkPictureData::CreateFromStream(SkStream*, SkPictInfo const&, bool (*)(void const*, unsigned long, SkBitmap*), SkTypefacePlayback*) /tmp/skia /out/Release/../../src/core/SkPictureData.cpp:562:10
25 #7 0x7e6530 in SkPicture::CreateFromStream(SkStream*, bool (*)(void const*, unsigned long, SkBitmap*), SkTypefacePlayback*) /tmp/skia/out/Release/../../src/ core/SkPicture.cpp:153:13
26 #8 0x724933 in fuzz_skp(SkData*) /tmp/skia/out/Release/../../fuzz/fuzz.cpp:1 43:33
27 #9 0x724074 in main /tmp/skia/out/Release/../../fuzz/fuzz.cpp:54:30
28 #10 0x7fa6ece70ec4 in __libc_start_main /tmp/tmp.Htw1L27e9P/csu/libc-start.c :287
29
30 SUMMARY: AddressSanitizer: heap-buffer-overflow /tmp/skia/out/Release/../../src/ core/SkReader32.h:57 SkReader32::readInt()
31 Shadow bytes around the buggy address:
32 0x0c1a7fff99b0: fd fa fa fa fa fa fa fa fa fa fd fd fd fd fd fd
33 0x0c1a7fff99c0: fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa
34 0x0c1a7fff99d0: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
35 0x0c1a7fff99e0: fd fd fd fd fd fa fa fa fa fa fa fa fa fa 00 00
36 0x0c1a7fff99f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 fa
37 =>0x0c1a7fff9a00:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
38 0x0c1a7fff9a10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
39 0x0c1a7fff9a20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
40 0x0c1a7fff9a30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
41 0x0c1a7fff9a40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
42 0x0c1a7fff9a50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
43 Shadow byte legend (one shadow byte represents 8 application bytes):
44 Addressable: 00
45 Partially addressable: 01 02 03 04 05 06 07
46 Heap left redzone: fa
47 Heap right redzone: fb
48 Freed heap region: fd
49 Stack left redzone: f1
50 Stack mid redzone: f2
51 Stack right redzone: f3
52 Stack partial redzone: f4
53 Stack after return: f5
54 Stack use after scope: f8
55 Global redzone: f9
56 Global init order: f6
57 Poisoned by user: f7
58 Container overflow: fc
59 Array cookie: ac
60 Intra object redzone: bb
61 ASan internal: fe
62 Left alloca redzone: ca
63 Right alloca redzone: cb
64 ==66109==ABORTING
OLDNEW
« fuzzer/go/common/version_watcher.go ('K') | « fuzzer/go/frontend/data/stacktrace_test.go ('k') | fuzzer/go/frontend/data/testdata/parse-asan-single.asan » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698