Incorrect-function-pointer-type in gl::GLApiBase::glFenceSyncFn
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5741670764380160
Fuzzer: libfuzzer_gpu_angle_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Incorrect-function-pointer-type
Crash Address:
Crash State:
  gl::GLApiBase::glFenceSyncFn
  gpu::gles2::GLES2DecoderImpl::HandleFenceSync
  gpu::error::Error gpu::gles2::GLES2DecoderImpl::DoCommandsImpl<false>
Sanitizer: undefined (UBSAN)
Recommended Security Severity: Medium
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=451020:451115
Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv966mwh1yYFOg0oR9GZXO1X-BehiftTueIgbALiAelEy5BRnBU0jAPkooOPNTSDhdtIpRlToHoqlsYIdFCp1TdHyTnL67chp8h1_2gD3Ket3LVPUS-_-xyoJDt7PHLS5YVMTY8ehZ2bTGkeOmCSBKUp7kJHdOkPYq1VNYIrT9InqGiTPrLtufSsD4Desr3seErh1b4Y2cohqzBm8KDGb0nBnPhAjIHviaVjRu3IWl9zofvJL0v49JYHVbcA9kwhCL5bhXeAbrQixEi4xhf2Pk2Dw-tvx2-isNwtie2Yx_1sSftc2sG-H-PACYCzB3W2-elXVLgdoYOCzDVUgNhoUz9ELIhGWHU1MXpx5W1Ynq8Qvn9Src-jrsrqhcRTeGt7dwRfO_FHxO5OtIFvCb8scz3kNLtNJGQ?testcase_id=5741670764380160

Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Feb 17 2017
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Feb 17 2017
Feb 18 2017
jbauman/zmo: thanks for looking at issue 693072 . This one looks similar. Could you please help triage? Thanks!
Feb 18 2017
Most likely not a security bug, just a difference in typedefs.
Feb 21 2017
I saw this one too when I was testing ANGLE's fuzzer. I'm pretty sure it's because GLsync is typedef'd as "typedef struct __GLsync *GLsync;" and this is linked into multiple DLLs that are not linked to each other. This should be safe because GLsync is just an opaque pointer.
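An added illustration of the mechanism described in the comment above; it is constructed for this page and is not Chromium, ANGLE or ClusterFuzz code. The two namespaces stand in for two modules that each carry their own copy of `typedef struct __GLsync *GLsync;` without sharing the declaration, so the callee's function type and the caller's function-pointer type are distinct even though both are just a pointer at the ABI level. The `CheckedEntry` registry is a hypothetical, minimal model of what a function-pointer-type sanitizer check does (record the callee's real function type, compare it with the type the caller calls through); the `glFenceSync` body, the dummy handle value and all helper names are assumptions.

```cpp
// Added illustration (not Chromium code): why a GLsync typedef duplicated
// across two modules trips a function-pointer-type check, and why one shared
// definition does not. Names mirror the report but are constructed.
#include <cstdio>
#include <type_traits>
#include <typeindex>
#include <typeinfo>

// Two namespaces stand in for two DLLs that each carry their own copy of
// "typedef struct __GLsync *GLsync;" without sharing a header.
namespace module_a {
struct __GLsync;                 // opaque: declared, never defined
typedef __GLsync* GLsync;
GLsync glFenceSync(unsigned condition, unsigned flags) {
  (void)condition;
  (void)flags;
  return reinterpret_cast<GLsync>(0x1);  // constructed dummy handle
}
}  // namespace module_a

namespace module_b {
struct __GLsync;                 // a *different* incomplete type
typedef __GLsync* GLsync;
typedef GLsync (*FenceSyncFn)(unsigned, unsigned);
}  // namespace module_b

// Minimal model of a function-pointer-type check (hypothetical, not the
// sanitizer's real data structures): the callee's true function type is
// recorded next to the pointer, and a caller must present the same type.
struct CheckedEntry {
  void (*target)();
  std::type_index recorded_type;
};

template <typename Fn>
CheckedEntry Register(Fn* fn) {
  return {reinterpret_cast<void (*)()>(fn), std::type_index(typeid(Fn))};
}

// True when the caller's pointer type matches the registered callee type
// (the call is allowed); false is the condition the report names
// "Incorrect-function-pointer-type".
template <typename CallerFnPtr>
bool CallerTypeMatches(const CheckedEntry& e) {
  using CallerFn = std::remove_pointer_t<CallerFnPtr>;
  return e.recorded_type == std::type_index(typeid(CallerFn));
}

// Duplicated typedef: module_b::__GLsync is a distinct incomplete struct, so
// the function types differ although the calling convention is identical.
bool DuplicatedTypedefMatches() {
  CheckedEntry e = Register(&module_a::glFenceSync);
  return CallerTypeMatches<module_b::FenceSyncFn>(e);  // false
}

// Shared typedef: the caller uses the callee's own GLsync, so types agree.
bool SharedTypedefMatches() {
  typedef module_a::GLsync (*FenceSyncFn)(unsigned, unsigned);
  CheckedEntry e = Register(&module_a::glFenceSync);
  return CallerTypeMatches<FenceSyncFn>(e);  // true
}

int main() {
  std::printf("duplicated typedef matches: %d\n", DuplicatedTypedefMatches());
  std::printf("shared typedef matches:     %d\n", SharedTypedefMatches());
  return 0;
}
```

The practical takeaway is the one the thread reaches: a mismatch of this kind is a false positive as long as both sides agree on the handle being an opaque pointer, which is why a suppression rather than a code change is the appropriate fix. The durable way to avoid the report altogether is for every module to pick up the same `GLsync` declaration from one shared header.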
Feb 22 2017
Yeah, we might want to add this to some ubsan suppressions file.
Feb 23 2017
ClusterFuzz has detected this issue as fixed in range 452261:452420.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5741670764380160
Fuzzer: libfuzzer_gpu_angle_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Incorrect-function-pointer-type
Crash Address:
Crash State:
  gl::GLApiBase::glFenceSyncFn
  gpu::gles2::GLES2DecoderImpl::HandleFenceSync
  gpu::error::Error gpu::gles2::GLES2DecoderImpl::DoCommandsImpl<false>
Sanitizer: undefined (UBSAN)
Recommended Security Severity: Medium
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=451020:451115
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=452261:452420
Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv966mwh1yYFOg0oR9GZXO1X-BehiftTueIgbALiAelEy5BRnBU0jAPkooOPNTSDhdtIpRlToHoqlsYIdFCp1TdHyTnL67chp8h1_2gD3Ket3LVPUS-_-xyoJDt7PHLS5YVMTY8ehZ2bTGkeOmCSBKUp7kJHdOkPYq1VNYIrT9InqGiTPrLtufSsD4Desr3seErh1b4Y2cohqzBm8KDGb0nBnPhAjIHviaVjRu3IWl9zofvJL0v49JYHVbcA9kwhCL5bhXeAbrQixEi4xhf2Pk2Dw-tvx2-isNwtie2Yx_1sSftc2sG-H-PACYCzB3W2-elXVLgdoYOCzDVUgNhoUz9ELIhGWHU1MXpx5W1Ynq8Qvn9Src-jrsrqhcRTeGt7dwRfO_FHxO5OtIFvCb8scz3kNLtNJGQ?testcase_id=5741670764380160

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Feb 23 2017
ClusterFuzz testcase 5741670764380160 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Feb 23 2017
Jun 1 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot