Issue 675142 link

Starred by 1 user

Issue metadata

Status:	Duplicate
Merged:	issue 668857
Owner:	----
Closed:	Dec 2016
Cc:	█ oetu...@nvidia.com cwallez@chromium.org jmad...@chromium.org mac-bugs-priority@chromium.org
Components:	Internals>GPU>ANGLE
EstimatedDays:	----
NextAction:	----
OS:	Mac
Pri:	1
Type:	Bug
Stability-Crash Reproducible Stability-Libfuzzer Clusterfuzz

Out-of-memory in angle_translator_fuzzer

Project Member Reported by ClusterFuzz, Dec 16 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5547147320885248

Fuzzer: libfuzzer_angle_translator_fuzzer
Job Type: mac_libfuzzer_chrome_asan
Platform Id: mac

Crash Type: Out-of-memory
Crash Address: 
Crash State:
  angle_translator_fuzzer
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=mac_libfuzzer_chrome_asan&range=420407:420408

Minimized Testcase (0.48 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97zZjLv__FU0UjA7G-IxKnHieSA17ZbAV6hXiYLGvAmN7dBT_rIsPtEXbc-3W5yCYRTKk9prCTZwhw_rbGZRV1fqKTobXYjJvksvuWbG0TK3KSBBcSyRHu_8Mmkr99hDsP1uhOmEj960Qg_TfOx0b0G1OMdoQ?testcase_id=5547147320885248

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

Comment 1 by patricia...@chromium.org, Dec 19 2016

Components: Internals>GPU>ANGLE

Comment 2 by jmad...@chromium.org, Dec 19 2016

Cc: oetu...@nvidia.com cwallez@chromium.org jmad...@chromium.org

Comment 3 by cwallez@chromium.org, Dec 20 2016

Mergedinto: 668857
Status: Duplicate (was: Untriaged)

This is the same root cause as 668857: the fuzzer found a way to make a GIANT amount of uniforms and ANGLE does work proportional to the size of the uniforms.

Project Member

Comment 4 by ClusterFuzz, Apr 13 2017

ClusterFuzz has detected this issue as fixed in range 464259:464267.

Detailed report: https://clusterfuzz.com/testcase?key=5547147320885248

Fuzzer: libfuzzer_angle_translator_fuzzer
Job Type: mac_libfuzzer_chrome_asan
Platform Id: mac

Crash Type: Out-of-memory (exceeds 2048 MB)
Crash Address: 
Crash State:
  angle_translator_fuzzer
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=mac_libfuzzer_chrome_asan&range=420407:420408
Fixed: https://clusterfuzz.com/revisions?job=mac_libfuzzer_chrome_asan&range=464259:464267

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv94zPFfZN_rmG97g-RR-9HZzRNGsOo5LbdEFS5llJZbxEdwY9diPXZSLcaK19ZKRJL6cWiyti6GaLR7uQhXPy_2GTeHxfmsUZceejQAbMok0QtM4FUVdhqAbL5RIH6lhQoc6Fhb2O_adoUedpPQSsJaqt7N50Fl5Rzfnfx-X11Ixgu9GmAUqQ9-3qMOg4Nf36ZE4FK5At9D9ISddOLmjq8m-kJEyRf5tqVREijA-P8zLukjajsGR5sh2nx8QZ0DW5kcMMNtNEgbWksps4ojsdJChoqcoF1Cnoqb7EQXM1l4T1AEowrXheGusooEpbjB2fK_WIO56f0ngEMIhIPuR8y4zHBmUVHh_gbCYTc_j6gBmyXHfoJ8?testcase_id=5547147320885248


See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

►

Issue 675142 link

Issue metadata

Out-of-memory in angle_translator_fuzzer

Issue description

Comment 1 by patricia...@chromium.org, Dec 19 2016

Comment 1 Deleted

Comment 2 by jmad...@chromium.org, Dec 19 2016

Comment 2 Deleted

Comment 3 by cwallez@chromium.org, Dec 20 2016

Comment 3 Deleted

Comment 4 by ClusterFuzz, Apr 13 2017

Comment 4 Deleted

Sign in to add a comment