Use-of-uninitialized-value in gpu::gles2::GLES2DecoderImpl::GetHelper
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6331390712086528
Fuzzer: libfuzzer_gpu_angle_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux
Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  gpu::gles2::GLES2DecoderImpl::GetHelper
  gpu::gles2::GLES2DecoderImpl::DoGetIntegerv
  gpu::gles2::GLES2DecoderImpl::DoGetInteger64v
Sanitizer: memory (MSAN)
Recommended Security Severity: Medium
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=450717:450741
Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95bqKCnXxzdb1ihgmGnhtsHLDb4jLTdp-YeO0AQUjMX1jkLJGhg1Is3LjiROhFCivPP5YeFbQ8mfgK3zXGjAOW57BTPyigafzycwButc22jY6LF4FAQcUd2QX502sHzxo4HjPxeZTApMzYnyJNeetI-Vx5gXNF-w73pAK5rTRM1sAUHOKs-hbBOTq7bDo4tmhVmAojNQ_gKW5Pov2SUX2b-q2g6Ceq236cssDKyAJoGrjFxIwTSAUzwow0Bzkfm5talRbWyig_Gv1MpxoiBEeb6nWinv01Xto3DFbYkfwdyKOTrG9CzkhGLcn4QGLFcjhN0feaeYXwJIzQ7Ow4KIBpCV9QsmgitrLKO42KWBGtvHxvNVoE0UUVgYHxbcpmMu6g7F1TsO9N81oAGVKXw3LJckJCRJQ?testcase_id=6331390712086528

Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
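What an MSan "use-of-uninitialized-value" in a GetIntegerv-style helper looks like, as an added illustration of the crash class named in the report above. This is constructed example code, not Chromium's GLES2DecoderImpl, and it makes no claim about the actual root cause of this bug: it models a GetHelper that fills its output only for pnames it recognises, a DoGetInteger64v-style caller that widens every int32 slot it expects to have been filled, and a tiny shadow-memory tracker standing in for MSan's per-bit initialisation state. The pname constants, buffer sizes and all function names are assumptions.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Constructed illustration of the bug class in this report (an MSan
// use-of-uninitialized-value in a GetIntegerv-style helper). This is not
// Chromium's GLES2DecoderImpl and makes no claim about this bug's root cause;
// the pname values, sizes and function names are assumptions.
namespace toy {

enum Pname : uint32_t {
  kMaxTextureSize = 0x0D33,   // assumed constant, one value
  kMaxViewportDims = 0x0D3A,  // assumed constant, two values
  kUnhandledPname = 0x9999,   // a pname GetHelper does not know about
};

// Stand-in for MSan's shadow memory: one "initialized" bit per int32 slot.
// std::vector zero-fills the values, so only the shadow bits model the
// uninitialized state; real MSan tracks the bits of the actual allocation.
class ShadowedInt32Buf {
 public:
  explicit ShadowedInt32Buf(size_t n) : value_(n), init_(n, false) {}
  void Write(size_t i, int32_t v) { value_[i] = v; init_[i] = true; }
  // A read of a never-written slot is counted rather than aborting, so the
  // caller can inspect how many uninitialized uses occurred.
  int32_t Read(size_t i, int* uninit_uses) const {
    if (!init_[i]) ++*uninit_uses;
    return value_[i];
  }
 private:
  std::vector<int32_t> value_;
  std::vector<bool> init_;
};

// How many int32 values the caller believes a pname produces.
inline size_t NumValuesFor(uint32_t pname) {
  switch (pname) {
    case kMaxViewportDims: return 2;
    default: return 1;
  }
}

// GetHelper writes params only for pnames it recognises and reports whether
// it did; for anything else the buffer is left untouched.
inline bool GetHelper(uint32_t pname, ShadowedInt32Buf* params) {
  switch (pname) {
    case kMaxTextureSize:
      params->Write(0, 4096);
      return true;
    case kMaxViewportDims:
      params->Write(0, 8192);
      params->Write(1, 8192);
      return true;
    default:
      return false;
  }
}

// Buggy caller: widens every slot NumValuesFor() promised and ignores
// GetHelper's return value, so an unhandled pname reads a slot nobody wrote.
inline std::vector<int64_t> DoGetInteger64vBuggy(uint32_t pname, int* uninit_uses) {
  const size_t n = NumValuesFor(pname);
  ShadowedInt32Buf tmp(n);
  GetHelper(pname, &tmp);
  std::vector<int64_t> out(n);
  for (size_t i = 0; i < n; ++i) out[i] = tmp.Read(i, uninit_uses);
  return out;
}

// Fixed caller: an unhandled pname is an error, the temporary is never read
// on that path, and the result is zero-filled instead of carrying garbage.
inline std::vector<int64_t> DoGetInteger64vFixed(uint32_t pname, int* uninit_uses, bool* ok) {
  const size_t n = NumValuesFor(pname);
  ShadowedInt32Buf tmp(n);
  std::vector<int64_t> out(n, 0);
  *ok = GetHelper(pname, &tmp);
  if (!*ok) return out;  // would be GL_INVALID_ENUM in a real decoder
  for (size_t i = 0; i < n; ++i) out[i] = tmp.Read(i, uninit_uses);
  return out;
}

// Small probes so the behaviour can be checked as plain return values.
inline int UninitUsesBuggy(uint32_t pname) { int u = 0; DoGetInteger64vBuggy(pname, &u); return u; }
inline int UninitUsesFixed(uint32_t pname) { int u = 0; bool ok = false; DoGetInteger64vFixed(pname, &u, &ok); return u; }
inline bool FixedHandles(uint32_t pname) { int u = 0; bool ok = false; DoGetInteger64vFixed(pname, &u, &ok); return ok; }
inline int64_t FixedValue(uint32_t pname, size_t i) { int u = 0; bool ok = false; return DoGetInteger64vFixed(pname, &u, &ok).at(i); }

}  // namespace toy

int main() {
  std::printf("buggy, unhandled pname: %d uninitialized use(s)\n", toy::UninitUsesBuggy(toy::kUnhandledPname));
  std::printf("fixed, unhandled pname: %d uninitialized use(s)\n", toy::UninitUsesFixed(toy::kUnhandledPname));
  return 0;
}
```

The shadow tracker only models the detection: a real MSan build propagates initialisation bits through the int32 to int64 widening and reports at the first branch or syscall that depends on the poisoned value, which is why the crash state lands in the helper/caller chain rather than at the allocation.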
Feb 16 2017

Feb 16 2017
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Feb 16 2017

Feb 16 2017
Thanks ochang@, assigning geofflang@, who is working on this fuzzer. I'm not sure about the security labels, as AFAIK this fuzzer is for functionality that isn't shipped yet.
Feb 18 2017
ClusterFuzz has detected this issue as fixed in range 451393:451409.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6331390712086528
Fuzzer: libfuzzer_gpu_angle_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux
Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  gpu::gles2::GLES2DecoderImpl::GetHelper
  gpu::gles2::GLES2DecoderImpl::DoGetIntegerv
  gpu::gles2::GLES2DecoderImpl::DoGetInteger64v
Sanitizer: memory (MSAN)
Recommended Security Severity: Medium
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=450717:450741
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=451393:451409
Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95bqKCnXxzdb1ihgmGnhtsHLDb4jLTdp-YeO0AQUjMX1jkLJGhg1Is3LjiROhFCivPP5YeFbQ8mfgK3zXGjAOW57BTPyigafzycwButc22jY6LF4FAQcUd2QX502sHzxo4HjPxeZTApMzYnyJNeetI-Vx5gXNF-w73pAK5rTRM1sAUHOKs-hbBOTq7bDo4tmhVmAojNQ_gKW5Pov2SUX2b-q2g6Ceq236cssDKyAJoGrjFxIwTSAUzwow0Bzkfm5talRbWyig_Gv1MpxoiBEeb6nWinv01Xto3DFbYkfwdyKOTrG9CzkhGLcn4QGLFcjhN0feaeYXwJIzQ7Ow4KIBpCV9QsmgitrLKO42KWBGtvHxvNVoE0UUVgYHxbcpmMu6g7F1TsO9N81oAGVKXw3LJckJCRJQ?testcase_id=6331390712086528

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Feb 18 2017
ClusterFuzz testcase 6331390712086528 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Feb 18 2017

Mar 13 2017

May 28 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by och...@chromium.org, Feb 16 2017
Owner: cwallez@chromium.org
Status: Assigned (was: Untriaged)