Undefined-shift in TConstantUnion::operator>>
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5758986848829440

Fuzzer: libfuzzer_translator_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Undefined-shift
Crash Address:
Crash State:
  TConstantUnion::operator>>
  TIntermConstantUnion::foldBinary
  TIntermBinary::fold

Minimized Testcase (0.21 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94CkxtYOpXjsWXrqbRtlE_ZLjyeS9Eh93IY_VqkEenDmxvrxPOHjrZ2YdfJ07EDIKf0vm3KGDOTdNSkj8Udp82z5xv_HqU2nQn9kApgYtQWnmt3DXuWvpv1YL-tBx8dN-8cp2AFwrCgHAqlCeE4-jHBVATuXQ?testcase_id=5758986848829440

Issue manually filed by: mmoroz

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Sep 21 2016
Sep 22 2016
The following revision refers to this bug:
https://chromium.googlesource.com/angle/angle/+/596018ce7b6aa6faf45196febd597f051a626c94

commit 596018ce7b6aa6faf45196febd597f051a626c94
Author: Jamie Madill <jmadill@chromium.org>
Date: Wed Sep 21 16:57:03 2016

    translator: Refactor Constant Union shift ops.

    In preparation for making them robust.

    BUG=chromium:648135

    Change-Id: I88fc87d8887064fda04087c56de05d8725a6fe5f
    Reviewed-on: https://chromium-review.googlesource.com/387469
    Reviewed-by: Geoff Lang <geofflang@chromium.org>
    Reviewed-by: Corentin Wallez <cwallez@chromium.org>
    Commit-Queue: Jamie Madill <jmadill@chromium.org>

[modify] https://crrev.com/596018ce7b6aa6faf45196febd597f051a626c94/src/common/debug.h
[modify] https://crrev.com/596018ce7b6aa6faf45196febd597f051a626c94/src/compiler/translator/ConstantUnion.h
[modify] https://crrev.com/596018ce7b6aa6faf45196febd597f051a626c94/src/compiler/translator/IntermNode.cpp
[modify] https://crrev.com/596018ce7b6aa6faf45196febd597f051a626c94/src/compiler/translator/ConstantUnion.cpp
Sep 22 2016
The following revision refers to this bug:
https://chromium.googlesource.com/angle/angle/+/44ebf6b41ff832540a7584a189601e39123ecc04

commit 44ebf6b41ff832540a7584a189601e39123ecc04
Author: Jamie Madill <jmadill@chromium.org>
Date: Thu Sep 22 17:00:02 2016

    ConstantUnion: Error on undefined shift.

    BUG=chromium:648135

    Change-Id: I41581f63af650564a0f61c1baeeb38017c8513ed
    Reviewed-on: https://chromium-review.googlesource.com/387470
    Commit-Queue: Jamie Madill <jmadill@chromium.org>
    Reviewed-by: Geoff Lang <geofflang@chromium.org>
    Reviewed-by: Corentin Wallez <cwallez@chromium.org>

[modify] https://crrev.com/44ebf6b41ff832540a7584a189601e39123ecc04/src/tests/gl_tests/GLSLTest.cpp
[modify] https://crrev.com/44ebf6b41ff832540a7584a189601e39123ecc04/src/compiler/translator/ConstantUnion.cpp
Sep 23 2016
ClusterFuzz has detected this issue as fixed in range 420244:420298.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5758986848829440

Fuzzer: libfuzzer_translator_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Undefined-shift
Crash Address:
Crash State:
  TConstantUnion::operator>>
  TIntermConstantUnion::foldBinary
  TIntermBinary::fold

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=418894:419032
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=420244:420298

Minimized Testcase (0.21 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94CkxtYOpXjsWXrqbRtlE_ZLjyeS9Eh93IY_VqkEenDmxvrxPOHjrZ2YdfJ07EDIKf0vm3KGDOTdNSkj8Udp82z5xv_HqU2nQn9kApgYtQWnmt3DXuWvpv1YL-tBx8dN-8cp2AFwrCgHAqlCeE4-jHBVATuXQ?testcase_id=5758986848829440

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Sep 23 2016
ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Sep 23 2016
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/86dc7effdd78ad7aacdaf3af7fb8eb7e380e9f64

commit 86dc7effdd78ad7aacdaf3af7fb8eb7e380e9f64
Author: cwallez <cwallez@chromium.org>
Date: Fri Sep 23 21:21:19 2016

    Roll ANGLE c287ea6..28a97ee

    https://chromium.googlesource.com/angle/angle.git/+log/c287ea6..28a97ee

    BUG=chromium:648031,chromium:648135,648063,607283,645532,chromium:648074
    TBR=geofflang@chromium.org
    TEST=bots
    CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.win:win_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.android:android_optional_gpu_tests_rel

    Merge branch 'master' of https://chromium.googlesource.com/chromium/src

    fuzzers: add a fuzzer for the ANGLE shader translator

    BUG=angleproject:1522

    Review-Url: https://codereview.chromium.org/2364873003
    Cr-Commit-Position: refs/heads/master@{#420732}

[modify] https://crrev.com/86dc7effdd78ad7aacdaf3af7fb8eb7e380e9f64/DEPS
Sep 27 2016
The following revision refers to this bug:
https://chromium.googlesource.com/angle/angle/+/2cacb7783116bdd94b2dd70315418a62e035bd1d

commit 2cacb7783116bdd94b2dd70315418a62e035bd1d
Author: Olli Etuaho <oetuaho@nvidia.com>
Date: Mon Sep 26 07:50:40 2016

    Fix folding shifts when operands have different signedness

    The code used to incorrectly assert that the right-hand side of shift
    should have the same signedness as the left-hand side. Instead simply
    assert that both the lhs and rhs are integer typed, and also don't rely
    on aliasing via union when accessing bit shift operands.

    Also disallow constant folded bit shifts where the right hand side is
    greater than 31. Shifting with values greater than the width of the type
    has undefined results in both ESSL and C++.

    BUG=chromium:648135
    TEST=angle_unittests

    Change-Id: I84a99abc55f0eeda549b4781e954d17ba7b87552
    Reviewed-on: https://chromium-review.googlesource.com/389351
    Reviewed-by: Corentin Wallez <cwallez@chromium.org>
    Commit-Queue: Olli Etuaho <oetuaho@nvidia.com>

[modify] https://crrev.com/2cacb7783116bdd94b2dd70315418a62e035bd1d/src/tests/compiler_tests/ConstantFolding_test.cpp
[modify] https://crrev.com/2cacb7783116bdd94b2dd70315418a62e035bd1d/src/tests/compiler_tests/MalformedShader_test.cpp
[modify] https://crrev.com/2cacb7783116bdd94b2dd70315418a62e035bd1d/src/compiler/translator/ConstantUnion.cpp
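The two commits above describe the shape of the fix: refuse to constant-fold a shift whose count is outside the operand width, and read the shift count through its declared integer type rather than through union aliasing, so a uint rhs is not misread as a negative int. The routine below is an added illustration of that pattern, written for this page; it is not ANGLE's TConstantUnion code and none of the commenters posted it. ConstVal, FoldResult, foldShift and the helper names are hypothetical, the domain is assumed to be 32-bit GLSL int/uint, and it goes slightly beyond the commit text by also rejecting negative counts, which ESSL likewise leaves undefined.

```cpp
// Added example, not ANGLE's code: constant folding of GLSL shift operators
// that rejects shift counts the language leaves undefined (negative, or >= 32)
// and reads each operand through its declared type instead of aliasing a union.
#include <cstdint>
#include <cstdio>
#include <string>

// Hypothetical stand-in for ANGLE's TConstantUnion, limited to 32-bit int/uint.
struct ConstVal {
    bool isUnsigned;
    union {
        int32_t i;
        uint32_t u;
    };
};

ConstVal makeInt(int32_t v)   { ConstVal c; c.isUnsigned = false; c.i = v; return c; }
ConstVal makeUint(uint32_t v) { ConstVal c; c.isUnsigned = true;  c.u = v; return c; }

struct FoldResult {
    bool ok;            // false: the compiler should report an error instead of folding
    ConstVal value;     // valid only when ok
    std::string error;  // diagnostic text when !ok
};

// Read the shift count through the operand's declared type. Widening to
// int64_t keeps a uint rhs such as 0xFFFFFFFFu from wrapping to -1.
static int64_t shiftCount(const ConstVal& rhs) {
    return rhs.isUnsigned ? static_cast<int64_t>(rhs.u) : static_cast<int64_t>(rhs.i);
}

// Sign-extending right shift done with unsigned arithmetic only, so it stays
// defined regardless of how the host compiler treats `int >> n` for negatives.
static int32_t arithShr(int32_t v, int count) {
    uint32_t bits = static_cast<uint32_t>(v) >> count;
    if (v < 0 && count > 0) bits |= ~(0xFFFFFFFFu >> count);  // replicate the sign bit
    return static_cast<int32_t>(bits);
}

// op is '<' for << and '>' for >>.
FoldResult foldShift(const ConstVal& lhs, const ConstVal& rhs, char op) {
    FoldResult r{false, makeInt(0), ""};
    const int64_t count = shiftCount(rhs);
    // ESSL leaves shifts by a negative count or by >= the operand width
    // undefined, and the same counts are undefined in the host C++ that would
    // fold them. Refuse to fold rather than evaluate (this is what UBSan caught).
    if (count < 0 || count > 31) {
        r.error = "shift count " + std::to_string(count) + " is outside 0..31";
        return r;
    }
    const int n = static_cast<int>(count);
    if (lhs.isUnsigned) {
        r.value = makeUint(op == '<' ? lhs.u << n : lhs.u >> n);
    } else if (op == '<') {
        // Shift the bit pattern as unsigned so a signed overflow cannot occur.
        r.value = makeInt(static_cast<int32_t>(static_cast<uint32_t>(lhs.i) << n));
    } else {
        r.value = makeInt(arithShr(lhs.i, n));
    }
    r.ok = true;
    return r;
}

int main() {
    // Constructed inputs: the mixed-signedness case from the bug, and an
    // out-of-range count that must be rejected rather than evaluated.
    FoldResult bad = foldShift(makeUint(1u), makeInt(33), '>');
    std::printf("1u >> 33: %s\n", bad.ok ? "folded" : bad.error.c_str());
    FoldResult good = foldShift(makeInt(-16), makeUint(2u), '>');
    std::printf("-16 >> 2u: %d\n", good.value.i);
    return 0;
}
```

The check has to happen on the folded operand before the host shift executes; a range assertion inside the shift operator itself is too late, because UBSan already flags the evaluation, and a release build would silently produce a compiler-specific value that the shader author never wrote.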
Sep 28 2016
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/910e1c87b9a5f5e5c870372f0129c804e4434649

commit 910e1c87b9a5f5e5c870372f0129c804e4434649
Author: cwallez <cwallez@chromium.org>
Date: Wed Sep 28 20:30:09 2016

    Roll ANGLE 00ff119..1be4d49

    https://chromium.googlesource.com/angle/angle.git/+log/00ff119..1be4d49

    BUG=chromium:637050,chromium:648135
    TBR=geofflang@chromium.org
    TEST=bots
    CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.win:win_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.android:android_optional_gpu_tests_rel

    Review-Url: https://codereview.chromium.org/2373373002
    Cr-Commit-Position: refs/heads/master@{#421627}

[modify] https://crrev.com/910e1c87b9a5f5e5c870372f0129c804e4434649/DEPS
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by mmoroz@chromium.org, Sep 19 2016
Components: Internals>GPU>ANGLE
Owner: jmad...@chromium.org