Floating-point-exception in getObjectSize
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6163574538108928

Fuzzer: libfuzzer_radamsa_angle_translator_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Floating-point-exception
Crash Address:
Crash State:
  getObjectSize
  TFieldListCollection::calculateObjectSize
  objectSize

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=420334:420440

Minimized Testcase (0.54 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95R1XEKzKbQdc1kj3dJAZPfwM-bj9cLDCL1pOfCZMi3nKfOT54ikM900ERQTx3PG4v86a31mU0vcVTlg8aQJxsLoTpD3TZNSYodjczeQfQi_XhKdaxzcVMk1-65k-msHX2wo9gfrZ_6EAxCr6urlB2bsd8N3g?testcase_id=6163574538108928

Issue manually filed by: mmohammad

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Oct 6 2016
The following revision refers to this bug: https://chromium.googlesource.com/angle/angle/+/5b7d40b374c33d2bc84ef08922b4db0f4be6ca22

commit 5b7d40b374c33d2bc84ef08922b4db0f4be6ca22
Author: Jamie Madill <jmadill@chromium.org>
Date: Thu Oct 06 15:41:02 2016

translator: Avoid divide-by-zero in error case.

In some code path found by a fuzzer, we would have a zero-sized array, which would trigger a zero divide. I was unable to extract the failing shader from the fuzzer case trivially.

BUG= chromium:653274
Change-Id: Ia2558ae828fa73615c901fd1cda9ddaa3a72f1a9
Reviewed-on: https://chromium-review.googlesource.com/394238
Reviewed-by: Corentin Wallez <cwallez@chromium.org>
Commit-Queue: Jamie Madill <jmadill@chromium.org>

[modify] https://crrev.com/5b7d40b374c33d2bc84ef08922b4db0f4be6ca22/src/compiler/translator/Types.cpp
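The commit above says only that a zero-sized array on an error path triggered a zero divide inside the object-size calculation. The following is an added illustration, not ANGLE's Types.cpp and not part of this bug's comments: it reconstructs the general shape of the bug class (an overflow guard of the form `cap / elementSize` that itself divides by zero when the element type has size zero) and shows the hardened form. The exact guard, the function names and the "empty struct as array element" input are assumptions made for the example.

```cpp
// Added example (not ANGLE's code): a saturating object-size calculation whose
// overflow check can divide by zero, next to a form that cannot.
#include <climits>
#include <cstddef>
#include <cstdio>
#include <vector>

// Sizes are capped at INT_MAX rather than allowed to wrap (assumed policy).
static const size_t kSizeCap = static_cast<size_t>(INT_MAX);

// Crashing shape (hypothetical reconstruction): the overflow guard divides the
// cap by elementSize, so an element type whose computed size is zero, e.g. a
// struct left with no fields on an error-recovery path, raises SIGFPE here
// before any multiplication happens. Never call this with elementSize == 0.
size_t unsafeArrayObjectSize(size_t elementSize, size_t arraySize)
{
    if (arraySize > kSizeCap / elementSize)  // division by zero when elementSize == 0
        return kSizeCap;
    return elementSize * arraySize;
}

// Hardened form: dispose of the zero cases first, then saturate on overflow.
size_t safeArrayObjectSize(size_t elementSize, size_t arraySize)
{
    if (elementSize == 0 || arraySize == 0)
        return 0;  // nothing to divide by and nothing to overflow
    if (arraySize > kSizeCap / elementSize)
        return kSizeCap;
    return elementSize * arraySize;
}

// Saturating sum over field sizes, as a struct-size calculation needs; an
// empty field list legitimately yields 0, which is exactly the value the
// array path above must be able to absorb.
size_t safeStructObjectSize(const std::vector<size_t> &fieldSizes)
{
    size_t total = 0;
    for (size_t fieldSize : fieldSizes)
    {
        if (fieldSize > kSizeCap - total)
            return kSizeCap;
        total += fieldSize;
    }
    return total;
}

int main()
{
    // Constructed inputs: an empty struct used as an array element type, a
    // normal array, and an array whose total would exceed the cap.
    std::vector<size_t> emptyStruct;
    size_t emptyElem = safeStructObjectSize(emptyStruct);
    std::printf("empty struct[4] -> %zu\n", safeArrayObjectSize(emptyElem, 4));
    std::printf("vec4[16]        -> %zu\n", safeArrayObjectSize(4, 16));
    std::printf("huge array      -> %zu\n", safeArrayObjectSize(2, kSizeCap));
    return 0;
}
```

The practical check when reviewing a fix like this is to fuzz or unit-test the size routine with every combination of zero element size, zero array length and near-cap values, since the unsafe guard is correct for all inputs except the one the fuzzer found.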
Oct 6 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/9859aac71e6b077f66c37da16896971a81c02e08

commit 9859aac71e6b077f66c37da16896971a81c02e08
Author: jmadill <jmadill@chromium.org>
Date: Thu Oct 06 20:11:14 2016

Roll ANGLE d08f3b3..873d00f

https://chromium.googlesource.com/angle/angle.git/+log/d08f3b3..873d00f

BUG= chromium:653274, chromium:651493, chromium:653276, chromium:593024, chromium:634525
TBR=geofflang@chromium.org
TEST=bots
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.win:win_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.android:android_optional_gpu_tests_rel

Review-Url: https://codereview.chromium.org/2399933002
Cr-Commit-Position: refs/heads/master@{#423643}

[modify] https://crrev.com/9859aac71e6b077f66c37da16896971a81c02e08/DEPS
Oct 7 2016
ClusterFuzz has detected this issue as fixed in range 423381:423433.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6163574538108928

Fuzzer: libfuzzer_radamsa_angle_translator_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Floating-point-exception
Crash Address:
Crash State:
  getObjectSize
  TFieldListCollection::calculateObjectSize
  objectSize

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=420334:420440
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=423381:423433

Minimized Testcase (0.54 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95R1XEKzKbQdc1kj3dJAZPfwM-bj9cLDCL1pOfCZMi3nKfOT54ikM900ERQTx3PG4v86a31mU0vcVTlg8aQJxsLoTpD3TZNSYodjczeQfQi_XhKdaxzcVMk1-65k-msHX2wo9gfrZ_6EAxCr6urlB2bsd8N3g?testcase_id=6163574538108928

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Nov 4 2016
[Automated comment] removing mislabelled merge-merged-2840
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage

- Your friendly Sheriffbot
Comment 1 by mmohammad@chromium.org, Oct 5 2016

Status: Assigned (was: Untriaged)