ClusterFuzz has detected this issue as fixed in range 422937:423055.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5552426763681792

Fuzzer: libfuzzer_gpu_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  gpu::gles2::GLES2DecoderImpl::DoCopyTexSubImage2D
  gpu::gles2::GLES2DecoderImpl::HandleCopyTexSubImage2D
  gpu::error::Error gpu::gles2::GLES2DecoderImpl::DoCommandsImpl<false>
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=405489:405645
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=422937:423055

Minimized Testcase (10.48 Kb): https://cluster-fuzz.appspot.com/download/AMIfv9400DHO_pdfH6zoT2FzhX8J6pGZ1VS7uiAawvgz2kqecRap12J8kFtLZa9s6Hm-5lu8shb67mS5lIDoHNsOyWjZLxhstxUCr6bSe-jN4SQsBCyYf8oa3UMQW-zk1wz7byDNePfl0cs9SqLC5Fzzhkf6gWB27A?testcase_id=5552426763681792

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase is verified as fixed, closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

So, it's not so much that the bug itself was fixed, but a change (namely https://codereview.chromium.org/2221173002 ) shifted some command ids, basically making the same testcase exercise different code paths. That's fairly unavoidable with how we generate command ids today (though maybe we should aim towards only adding new commands at the end of the list).

Fuzzer found the bug again after a few days though: https://bugs.chromium.org/p/chromium/issues/detail?id=654792

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot