Issue metadata
Sign in to add a comment
|
Heap-use-after-free in ir_dereference_variable::ir_dereference_variable |
||||||||||||||||||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=4602985832775680 Fuzzer: inferno_webbot Job Type: linux_asan_chrome_chromeos Platform Id: linux Crash Type: Heap-use-after-free READ 8 Crash Address: 0x60e00026bb30 Crash State: ir_dereference_variable::ir_dereference_variable ir_to_mesa_visitor::visit ir_to_mesa_visitor::visit Recommended Security Severity: High Minimized Testcase (0.06 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv94BGnpHlH6vhN5XPBQsd81x8VhJkgQEYGPiNihA2uOZtcnlj7nA4meDvN6U6eBPYQeYwssAtxuhal4UXnySdlOVl18El0TRtMLSr08MRgudttjrrzQq2pRIAnaJWzU2awo7fd-FshHSNXgDDVOaVzx3V7rtrA <script> window.location = "http://shadertoy.com";</script> Filer: mmoroz See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
May 10 2016
,
May 10 2016
I suspect this is a WontFix. These types of mesa crashes shouldn't affect any shipping builds of chrome.
,
May 10 2016
Correct. Further, we are aiming to eliminate Mesa from Chrome's testing setup in the near future.
,
May 10 2016
Thanks everyone! Sorry for the false alarm.
,
Aug 17 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 1 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 2 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 2 2016
|
|||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||
Comment 1 by mmoroz@chromium.org
, May 10 2016Labels: M-51 Pri-1
Owner: kbr@chromium.org