Heap-buffer-overflow in gpu::gles2::ShaderTranslator::Translate
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4649911838834688
Fuzzer: libfuzzer_gpu_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux
Crash Type: Heap-buffer-overflow READ {*}
Crash Address: 0x6180000003e0
Crash State:
  gpu::gles2::ShaderTranslator::Translate
  gpu::gles2::Shader::DoCompile
  gpu::gles2::GLES2DecoderImpl::HandleGetShaderInfoLog
Recommended Security Severity: Medium
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=419085:419135
Minimized Testcase (0.73 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95jM4mheOJEHV7LnJKbmsWxrlqa5afXkkQ01mTSLqbZDIwSjhrOK0V4-gzn_lrCapEzzHVW8ESTMm_rqav7Vz-HxbQFatOm06hslCPxxXO2eM-c_ck5z2u_qxf0pvpqTJpTxAODZjFEA-QJ9hO_llyrhFDvgg?testcase_id=4649911838834688

Issue filed automatically.
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

Sep 17 2016
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Sep 19 2016
Assigning to owner of the new translator fuzzer. Please help find an appropriate owner for this security bug! Thanks.
Sep 19 2016
Jamie, is this the command_buffer fuzzer case you have started looking at?
Sep 19 2016
No, this is new. I think some of these things are popping up because of the change to disable the pool allocator, but not sure.
Sep 20 2016
Possible duplicate of issue 647807. You can check if top-of-tree ANGLE fixes this.
Sep 22 2016
ClusterFuzz has detected this issue as fixed in range 420202:420262.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4649911838834688
Fuzzer: libfuzzer_gpu_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux
Crash Type: Heap-buffer-overflow READ {*}
Crash Address: 0x6180000003e0
Crash State:
  gpu::gles2::ShaderTranslator::Translate
  gpu::gles2::Shader::DoCompile
  gpu::gles2::GLES2DecoderImpl::HandleGetShaderInfoLog
Recommended Security Severity: Medium
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=419085:419135
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=420202:420262
Minimized Testcase (0.73 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95jM4mheOJEHV7LnJKbmsWxrlqa5afXkkQ01mTSLqbZDIwSjhrOK0V4-gzn_lrCapEzzHVW8ESTMm_rqav7Vz-HxbQFatOm06hslCPxxXO2eM-c_ck5z2u_qxf0pvpqTJpTxAODZjFEA-QJ9hO_llyrhFDvgg?testcase_id=4649911838834688

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Sep 22 2016
ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Dec 30 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot