
Issue 667468 link


Issue metadata

Status: Verified
Closed: Nov 2016
OS: Linux
Pri: 1
Type: Bug




safeIndex >= 0

Project Member Reported by ClusterFuzz, Nov 21 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6709784859639808

Fuzzer: libfuzzer_angle_translator_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: ASSERT
Crash Address: 
Crash State:
  safeIndex >= 0
  sh::TParseContext::addIndexExpression
  yyparse
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=420312:420423

Minimized Testcase (0.33 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv94Fsen5RYhnAvEV2Kvnmu8af7UzeMhLd1WKA_gA2o8TgoOME-HR-_pHZD-iMqMOYNThasvxENjuA_BhHkJZvpRxA9x57z4ibSt_zObfAqVLqCZu_aC3VQGDj7zb52cDm8RqVYzplKkmR-BnYYSrdp4UCGtVdw?testcase_id=6709784859639808
0�I� precision mediump float;
vary*ng mediump flo;t c;
fZobaCt=  vec4(5.5, 7, falsaryinvarying mediump vec3 v_coords;
struct T {
	mediump float	a;
}rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr;
void main (void)
{
	mediump float r = (s[0].b[ui_one].b[1].y) * s[0].b[0].a; gl_SecondaryFragDataEXT[9];



Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
 
Cc: oetu...@nvidia.com
Components: Internals>GPU>ANGLE
Labels: Test-Predator-Wrong M-55
Owner: jmad...@chromium.org
Status: Assigned (was: Untriaged)
Author: Olli Etuaho
Project: chromium-angle
Changelist: https://chromium.googlesource.com/angle/angle.git/+/3272a6d3d22ec0ebe13cf7fc97a81fd3948e9b42
Time: Mon Aug 29 14:54:50 2016
The CL last changed line 3037 of file ParseContext.cpp, which is stack frame 4.

Assigning to the reviewer of the CL
https://chromium.googlesource.com/angle/angle.git/+/3272a6d3d22ec0ebe13cf7fc97a81fd3948e9b42
jmadill@, could you please take a look and help us find the correct owner if it is not related to your changes.
Project Member

Comment 2 by bugdroid1@chromium.org, Nov 23 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/angle/angle/+/28cb0368fc7b1fad73bb324a76682f9651204a14

commit 28cb0368fc7b1fad73bb324a76682f9651204a14
Author: Olli Etuaho <oetuaho@nvidia.com>
Date: Tue Nov 22 15:42:37 2016

Check for misconfiguration of shader built-ins

Fail compiler initialization if the built-in resources are invalid.
This avoids creating zero-sized arrays out of built-ins into the
symbol table, which could later lead to asserts when these built-ins
were indexed by constants.

BUG= chromium:667468 
TEST=angle_unittests

Change-Id: I9553c7c91ea355abb35b9cc6088ee14b40b0922b
Reviewed-on: https://chromium-review.googlesource.com/413037
Commit-Queue: Olli Etuaho <oetuaho@nvidia.com>
Reviewed-by: Jamie Madill <jmadill@chromium.org>
Reviewed-by: Geoff Lang <geofflang@chromium.org>
Reviewed-by: Corentin Wallez <cwallez@chromium.org>

[modify] https://crrev.com/28cb0368fc7b1fad73bb324a76682f9651204a14/src/compiler/translator/Compiler.cpp
[add] https://crrev.com/28cb0368fc7b1fad73bb324a76682f9651204a14/src/tests/compiler_tests/ConstructCompiler_test.cpp
[modify] https://crrev.com/28cb0368fc7b1fad73bb324a76682f9651204a14/src/compiler/fuzz/translator_fuzzer.cpp
[modify] https://crrev.com/28cb0368fc7b1fad73bb324a76682f9651204a14/src/tests/angle_unittests.gypi
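
The failure mode and the fix pattern described in the commit message above, as an added C++ illustration that is not ANGLE's code. The resource struct, symbol table and clamping routine are hypothetical stand-ins; the constant index 9 is taken from the minimized testcase's gl_SecondaryFragDataEXT[9], and it is an assumption that the zero-sized array came from a zero value of the resource limit that sizes that built-in.

```cpp
#include <map>
#include <string>

// Hypothetical subset of the translator's built-in resource limits
// (assumed names; not ANGLE's ShBuiltInResources).
struct BuiltInResources {
    int MaxDrawBuffers;
    int MaxDualSourceDrawBuffers;
};

BuiltInResources makeResources(int drawBuffers, int dualSourceDrawBuffers) {
    BuiltInResources res;
    res.MaxDrawBuffers = drawBuffers;
    res.MaxDualSourceDrawBuffers = dualSourceDrawBuffers;
    return res;
}

// Hypothetical symbol table: built-in array name -> declared array size.
typedef std::map<std::string, int> SymbolTable;

// Before the fix: resource limits flow straight into array sizes, so a
// limit of 0 yields a zero-sized built-in array in the symbol table.
SymbolTable buildSymbolTable(const BuiltInResources &res) {
    SymbolTable table;
    table["gl_FragData"] = res.MaxDrawBuffers;
    table["gl_SecondaryFragDataEXT"] = res.MaxDualSourceDrawBuffers;
    return table;
}

// Constant-index handling in the spirit of the reported assert: an
// out-of-range constant index is reported and then clamped to the last
// element so later passes see a valid index, and the parser expects the
// clamped value to satisfy safeIndex >= 0. Returns the clamped index; a
// negative result is exactly the invariant violation the assert caught.
int clampConstantIndex(const SymbolTable &table, const std::string &name, int index) {
    SymbolTable::const_iterator it = table.find(name);
    if (it == table.end()) return -1; // undeclared built-in; not modelled here
    const int arraySize = it->second;
    if (index >= 0 && index < arraySize) return index;
    return arraySize - 1; // == -1 when arraySize == 0
}

// The fix pattern from the commit: any limit that sizes a built-in array
// must be positive, otherwise the resources are a misconfiguration.
bool validateResources(const BuiltInResources &res) {
    return res.MaxDrawBuffers > 0 && res.MaxDualSourceDrawBuffers > 0;
}

// Compiler initialisation that refuses invalid resources instead of
// building a symbol table from them. Returns false on refusal.
bool initCompiler(const BuiltInResources &res, SymbolTable &out) {
    if (!validateResources(res)) return false;
    out = buildSymbolTable(res);
    return true;
}

// What the constant index 9 from the testcase resolves to under a given
// configuration. Returns the clamped index, or -2 when initialisation
// was refused by validation.
int resolveTestcaseIndex(const BuiltInResources &res, bool validate) {
    const std::string name = "gl_SecondaryFragDataEXT";
    SymbolTable table;
    if (validate) {
        if (!initCompiler(res, table)) return -2;
    } else {
        table = buildSymbolTable(res);
    }
    return clampConstantIndex(table, name, 9);
}
```

With MaxDualSourceDrawBuffers set to 0 and no validation, the clamp produces -1, which is the assert condition in the crash state; with validation, initialisation is refused before any symbol table exists. The point of the fix is to check the configuration where it enters the compiler (here the fuzzer controls it) rather than to weaken the downstream invariant.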

Project Member

Comment 3 by bugdroid1@chromium.org, Nov 24 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/5c313196cb49ecb3bb31b40b9fd64a8d63a965ad

commit 5c313196cb49ecb3bb31b40b9fd64a8d63a965ad
Author: geofflang <geofflang@chromium.org>
Date: Thu Nov 24 18:49:26 2016

Roll ANGLE 41f9f67..133a2ec

https://chromium.googlesource.com/angle/angle.git/+log/41f9f67..133a2ec

BUG= chromium:665255 , chromium:667468 

TBR=jmadill@chromium.org

TEST=bots

CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.win:win_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.android:android_optional_gpu_tests_rel

Review-Url: https://codereview.chromium.org/2532553002
Cr-Commit-Position: refs/heads/master@{#434372}

[modify] https://crrev.com/5c313196cb49ecb3bb31b40b9fd64a8d63a965ad/DEPS

Project Member

Comment 4 by ClusterFuzz, Nov 25 2016

ClusterFuzz has detected this issue as fixed in range 434362:434386.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6709784859639808

Fuzzer: libfuzzer_angle_translator_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: ASSERT
Crash Address: 
Crash State:
  safeIndex >= 0
  sh::TParseContext::addIndexExpression
  yyparse
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=420312:420423
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=434362:434386

Minimized Testcase (0.33 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv94Fsen5RYhnAvEV2Kvnmu8af7UzeMhLd1WKA_gA2o8TgoOME-HR-_pHZD-iMqMOYNThasvxENjuA_BhHkJZvpRxA9x57z4ibSt_zObfAqVLqCZu_aC3VQGDj7zb52cDm8RqVYzplKkmR-BnYYSrdp4UCGtVdw?testcase_id=6709784859639808
0�I� precision mediump float;
vary*ng mediump flo;t c;
fZobaCt=  vec4(5.5, 7, falsaryinvarying mediump vec3 v_coords;
struct T {
	mediump float	a;
}rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr;
void main (void)
{
	mediump float r = (s[0].b[ui_one].b[1].y) * s[0].b[0].a; gl_SecondaryFragDataEXT[9];



See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 5 by ClusterFuzz, Nov 25 2016

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase is verified as fixed, closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
