New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 648063 link

Starred by 1 user
Status: Fixed
Owner:
geoffl...@chromium.org
Closed: Sep 2016
Cc:
cwallez@chromium.org
kcc@chromium.org
geoffl...@chromium.org
mmoroz@chromium.org
aizatsky@chromium.org
jmad...@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug



Sign in to add a comment

Undefined-shift in ppparse

Project Member Reported by ClusterFuzz, Sep 18 2016 
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5053867203231744

Fuzzer: libfuzzer_translator_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Undefined-shift
Crash Address: 
Crash State:
  ppparse
  pp::ExpressionParser::parse
  pp::DirectiveParser::parseExpressionIf
  

Minimized Testcase (0.31 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96VPnBJLZKLimNuF99pJJSb5-AjByCouYNFPuAeEAJvXG2fOAhvwIRcU6yj9ARyJyDm4-rqVco8-A_dA8fFIp9874UJxsYZIq4BwHvhteLwzifaO44DcSgmMxNJR1_4Icm7JdHeKzKRklR7pTpNusmcFJYvow?testcase_id=5053867203231744

Issue manually filed by: mmoroz

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

Comment 1 by mmoroz@chromium.org, Sep 18 2016

Cc: mmoroz@chromium.org kcc@chromium.org cwallez@chromium.org aizatsky@chromium.org
Owner: jmad...@chromium.org
jdamill@, I see that you've fixed the similar  bug 629518 , would you mind taking a look at this one?

Comment 2 by mmoroz@chromium.org, Sep 19 2016

Components: Internals>GPU>ANGLE

Comment 3 by jmad...@chromium.org, Sep 19 2016

Owner: geoffl...@chromium.org
Status: Assigned (was: Untriaged)
Project Member

Comment 5 by bugdroid1@chromium.org, Sep 21 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/angle/angle/+/93561c3a4c01a4014cfffb5cd6c917cc460ea0e8

commit 93561c3a4c01a4014cfffb5cd6c917cc460ea0e8
Author: Geoff Lang <geofflang@chromium.org>
Date: Tue Sep 20 14:22:55 2016

Regenerate the preprocessor with the latest versions of flex and bison.

BUG= 648063 

Change-Id: Ia90d12c8cb4ae0a694227145267e78ca02dcc2b0
Reviewed-on: https://chromium-review.googlesource.com/387114
Commit-Queue: Geoff Lang <geofflang@chromium.org>
Reviewed-by: Jamie Madill <jmadill@chromium.org>
Reviewed-by: Corentin Wallez <cwallez@chromium.org>

[modify] https://crrev.com/93561c3a4c01a4014cfffb5cd6c917cc460ea0e8/src/compiler/preprocessor/Tokenizer.cpp
[modify] https://crrev.com/93561c3a4c01a4014cfffb5cd6c917cc460ea0e8/src/compiler/preprocessor/64bit-tokenizer-safety.patch
[modify] https://crrev.com/93561c3a4c01a4014cfffb5cd6c917cc460ea0e8/src/compiler/preprocessor/ExpressionParser.cpp

Comment 6 by geoffl...@chromium.org, Sep 21 2016

Status: Fixed (was: Assigned)
Project Member

Comment 7 by ClusterFuzz, Sep 23 2016 

ClusterFuzz has detected this issue as fixed in range 420244:420298.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5053867203231744

Fuzzer: libfuzzer_translator_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Undefined-shift
Crash Address: 
Crash State:
  ppparse
  pp::ExpressionParser::parse
  pp::DirectiveParser::parseExpressionIf
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=418894:419032
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=420244:420298

Minimized Testcase (0.31 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96VPnBJLZKLimNuF99pJJSb5-AjByCouYNFPuAeEAJvXG2fOAhvwIRcU6yj9ARyJyDm4-rqVco8-A_dA8fFIp9874UJxsYZIq4BwHvhteLwzifaO44DcSgmMxNJR1_4Icm7JdHeKzKRklR7pTpNusmcFJYvow?testcase_id=5053867203231744

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 8 by bugdroid1@chromium.org, Sep 23 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/86dc7effdd78ad7aacdaf3af7fb8eb7e380e9f64

commit 86dc7effdd78ad7aacdaf3af7fb8eb7e380e9f64
Author: cwallez <cwallez@chromium.org>
Date: Fri Sep 23 21:21:19 2016

Roll ANGLE c287ea6..28a97ee

https://chromium.googlesource.com/angle/angle.git/+log/c287ea6..28a97ee

BUG= chromium:648031 , chromium:648135 , 648063 , 607283 , 645532 , chromium:648074 

TBR=geofflang@chromium.org

TEST=bots

CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.win:win_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.android:android_optional_gpu_tests_rel

Merge branch 'master' of https://chromium.googlesource.com/chromium/src

fuzzers: add a fuzzer for the ANGLE shader translator

BUG= angleproject:1522 

Review-Url: https://codereview.chromium.org/2364873003
Cr-Commit-Position: refs/heads/master@{#420732}

[modify] https://crrev.com/86dc7effdd78ad7aacdaf3af7fb8eb7e380e9f64/DEPS

Comment 9 by jmad...@chromium.org, Sep 26 2016

Cc: geoffl...@chromium.org jmad...@chromium.org
 Issue 650190  has been merged into this issue.
Project Member

Comment 10 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment