New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 632857 link

Starred by 2 users
Status: WontFix
Owner:
kbr@chromium.org
OOO until 2019-01-24
Closed: Aug 2016
Cc:
sugoi@chromium.org
bajones@chromium.org
capn@chromium.org
zmo@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 1
Type: Bug-Security



Sign in to add a comment

Crash in _swrast_map_renderbuffers

Project Member Reported by ClusterFuzz, Jul 29 2016 
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6023227778531328

Fuzzer: inferno_layout_test_unmodified
Job Type: mac_asan_content_shell
Platform Id: mac

Crash Type: UNKNOWN
Crash Address: 0x61b800091190
Crash State:
  _swrast_map_renderbuffers
  _swrast_render_start
  _swsetup_RenderStart
  
Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=mac_asan_content_shell&range=408444:408557

Minimized Testcase (28.97 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95xscIPM-yb1H0Px6m7RmanoqAuw6Ba8MzRva6E53Lnhm7JC7W1tEIdv_kUAXvKWWw3gkofxMeJOsJEy4PPsYlzPQJNB1Y9_IpOjkG0dCoBJZjm4-YD1y_7VTgbXBOHTIX_dCc8QNoy680RVcQx_NAgs0zg0_MgMyoD7ndWZVHI1FWYB1I?testcase_id=6023227778531328

Filer: tanin

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by rickyz@chromium.org, Jul 29 2016

Cc: zmo@chromium.org bajones@chromium.org
Components: Blink>WebGL Internals>GPU
Owner: kbr@chromium.org
Status: Available (was: Untriaged)
Adding some folks from  issue 339995 .
Project Member

Comment 2 by sheriffbot@chromium.org, Jul 30 2016

Labels: M-54
Project Member

Comment 3 by sheriffbot@chromium.org, Jul 30 2016

Labels: ReleaseBlock-Beta
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 4 by sheriffbot@chromium.org, Jul 30 2016

Labels: Pri-1
Project Member

Comment 5 by sheriffbot@chromium.org, Jul 30 2016

Status: Assigned (was: Available)

Comment 6 by kbr@chromium.org, Aug 1 2016

Cc: sugoi@chromium.org capn@chromium.org
Status: WontFix (was: Assigned)
This is another crash in the version of Mesa used only for Chromium's testing, and which we're actively trying to get rid of in favor of SwiftShader.
Project Member

Comment 7 by ClusterFuzz, Aug 11 2016 

ClusterFuzz has detected this issue as fixed in range 410916:411073.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6023227778531328

Fuzzer: inferno_layout_test_unmodified
Job Type: mac_asan_content_shell
Platform Id: mac

Crash Type: UNKNOWN
Crash Address: 0x61b800091190
Crash State:
  _swrast_map_renderbuffers
  _swrast_render_start
  _swsetup_RenderStart
  
Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=mac_asan_content_shell&range=408444:408557
Fixed: https://cluster-fuzz.appspot.com/revisions?job=mac_asan_content_shell&range=410916:411073

Minimized Testcase (28.97 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95xscIPM-yb1H0Px6m7RmanoqAuw6Ba8MzRva6E53Lnhm7JC7W1tEIdv_kUAXvKWWw3gkofxMeJOsJEy4PPsYlzPQJNB1Y9_IpOjkG0dCoBJZjm4-YD1y_7VTgbXBOHTIX_dCc8QNoy680RVcQx_NAgs0zg0_MgMyoD7ndWZVHI1FWYB1I?testcase_id=6023227778531328

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 8 by sheriffbot@chromium.org, Nov 8 2016

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment