Issue metadata
Sign in to add a comment
|
Heap-use-after-free in elt |
||||||||||||||||||||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=5712019085066240 Fuzzer: inferno_twister Job Type: mac_asan_content_shell Platform Id: mac Crash Type: Heap-use-after-free READ 8 Crash Address: 0x604000067b50 Crash State: elt vbo_split_copy vbo_split_prims Recommended Security Severity: High Minimized Testcase (19.81 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95Jll-NMmk_KDtvS1p7Y6kicUGdmbUWVHp2lceacYHhmo4YiFuoqdlfJ0IQrpjZ8ns787wRBfDIvTwuSyqflrQT8w2HxNGVz_zorKvo9NdDB8VY8JCet275Q7RyfhPUSE8d0PsfStOxP1e6xGKiCgV4Mis58qyBlIoI5jZ0XelQGhLNeao Filer: ochang See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Jun 6 2016
kbr, might you be a good person to take a look at this one, which appears to be mesa-related?
,
Jun 6 2016
kbr, btw I am not entirely sure if this is a real vulnerability or not. your thoughts on that would be appreciated
,
Jun 6 2016
This is a bug in the version of Mesa that Chromium uses only for testing purposes. The shader being fed in has a syntax error. Several similar bugs have been found in the past but we don't think that they represent actual bugs that end users will see. We are in the process of removing Mesa from Chrome's testing and replacing it with SwiftShader, which should categorically solve these sorts of bugs. Closing this as WontFix as we won't be able to fix these bugs in Mesa and have a plan for solving them more generally.
,
Sep 13 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 1 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 2 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 2 2016
|
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by f...@chromium.org
, Jun 6 2016