Issue metadata
Sign in to add a comment
|
Bad-cast to blink::WebGLObject from invalid vptr;blink::WebGLProgram::deleteObjectImpl;blink::WebGLSharedObject::detachContextGroup |
||||||||||||||||||||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=6480097672691712 Fuzzer: inferno_twister Job Type: linux_ubsan_vptr_content_shell_drt Platform Id: linux Crash Type: Bad-cast Crash Address: 0x06bce7658fb8 Crash State: Bad-cast to blink::WebGLObject from invalid vptr blink::WebGLProgram::deleteObjectImpl blink::WebGLSharedObject::detachContextGroup Recommended Security Severity: High Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_vptr_content_shell_drt&range=393772:393773 Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97FueGolXrjfHhtY_g8hmUgCNPZWNJh03SIQ-0oHU6jNqPS6Hi0h0JrHikM6WiRtatENRRopAxbl3RQvRH4peJ8zqiGS0DiCmkYjgC20TJsIMbNTQxGl4ybQ-LZpQTAYPyQ--A8fK_apCzhwR8a2EACzKfYrv6KAEw4N-yvS8CSIFt5LjQ?testcase_id=6480097672691712 Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Oct 22 2016
,
Oct 23 2016
ClusterFuzz is analyzing your testcase. Developers can follow the progress at https://cluster-fuzz.appspot.com/testcase?key=6475395488808960
,
Oct 25 2016
danakj@, I wonder if you can take a look at this. Thanks.
,
Oct 25 2016
There are no casts in WebGLProgram::deleteObjectImpl so Idk what this bug is about.. zmo@ maybe you'll see something I don't. I thot maybe this is related to the WGC3D work I did but I'm not seeing it.
,
Nov 5 2016
ClusterFuzz has detected this issue as fixed in range 429537:429539. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6480097672691712 Fuzzer: inferno_twister Job Type: linux_ubsan_vptr_content_shell_drt Platform Id: linux Crash Type: Bad-cast Crash Address: 0x06bce7658fb8 Crash State: Bad-cast to blink::WebGLObject from invalid vptr blink::WebGLProgram::deleteObjectImpl blink::WebGLSharedObject::detachContextGroup Recommended Security Severity: High Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_vptr_content_shell_drt&range=393772:393773 Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_vptr_content_shell_drt&range=429537:429539 Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97FueGolXrjfHhtY_g8hmUgCNPZWNJh03SIQ-0oHU6jNqPS6Hi0h0JrHikM6WiRtatENRRopAxbl3RQvRH4peJ8zqiGS0DiCmkYjgC20TJsIMbNTQxGl4ybQ-LZpQTAYPyQ--A8fK_apCzhwR8a2EACzKfYrv6KAEw4N-yvS8CSIFt5LjQ?testcase_id=6480097672691712 See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Nov 5 2016
ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Nov 5 2016
,
Nov 7 2016
,
Nov 7 2016
+awhalley@ for merge review
,
Nov 7 2016
There were no code changes associated with this ClusterFuzz report and consequently there is nothing to merge.
,
Feb 11 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by sheriffbot@chromium.org
, Oct 22 2016