Crash in gpu::gles2::Program::Link

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6711686542393344

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_ubsan_vptr_chrome
Platform Id: linux
Crash Type: UNKNOWN
Crash Address: 0x056fc07a014f
Crash State:
  gpu::gles2::Program::Link
  gpu::gles2::GLES2DecoderImpl::DoLinkProgram
  gpu::gles2::GLES2DecoderImpl::HandleLinkProgram
Sanitizer: undefined (UBSAN)
Recommended Security Severity: Medium
Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_chrome&range=463867:463893
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6711686542393344

Issue filed automatically.
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

May 15 2017

The "does not point to an object of type gl::Object" error appears to be caused by https://swiftshader.googlesource.com/SwiftShader.git/+/9ed48bae7a2ff600712a0b8672f2b7d5f33b453b, which leads me to believe UBSAN doesn't know how to handle the [[clang::lto_visibility_public]] attribute or its effects. The class hierarchy itself didn't change in any way. Peter, Nico, have you encountered something like this before?

May 15 2017

I don't think that ubsan takes visibility into account (LTO or otherwise), so I'm not sure what's going on there. Can you still reproduce if you replace [[clang::lto_visibility_public]] with __attribute__((visibility("default"))) on the gl::Object class?

May 15 2017

May 16 2017

May 18 2017

Reminder that the M59 Stable launch is coming soon (less than 2 weeks)! Your bug is labelled as Stable ReleaseBlock, please make sure to land the fix and get it merged into the release branch ASAP so it gets enough baking time in Beta (before Stable promotion). Thank you!

May 19 2017

The following revision refers to this bug:
https://chrome-internal.googlesource.com/chrome/tools/clusterfuzz/+/43e2c0996f1c061de421f17670cdc7c188c04ec5

commit 43e2c0996f1c061de421f17670cdc7c188c04ec5
Author: Abhishek Arya <inferno@chromium.org>
Date: Fri May 19 03:46:27 2017

May 22 2017

The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/411554280f5bd29fa6ca3d9565450c83869808c2

commit 411554280f5bd29fa6ca3d9565450c83869808c2
Author: mbarbella <mbarbella@chromium.org>
Date: Mon May 22 18:21:43 2017

Add UBSan vptr blacklist entries for swiftshader.

R=sugoi@chromium.org
TBR=scottmg@chromium.org
BUG=722349

Review-Url: https://codereview.chromium.org/2895763002
Cr-Commit-Position: refs/heads/master@{#473626}

[modify] https://crrev.com/411554280f5bd29fa6ca3d9565450c83869808c2/tools/ubsan/vptr_blacklist.txt
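The fix that landed above suppresses the report through clang's sanitizer special case list (the file Chromium calls a "blacklist"). As an added illustration, not the content of Chromium's tools/ubsan/vptr_blacklist.txt and not part of this thread, the fragment below shows the three kinds of entry that list format accepts for the vptr check. The type, path and function names in it are placeholders I chose, not SwiftShader identifiers.

```text
# Sanitizer special case list for the vptr check (illustrative entries only;
# this is not Chromium's real tools/ubsan/vptr_blacklist.txt).
# Each entry is "<kind>:<glob>" and applies within the section whose header
# names the sanitizer check.
[vptr]
# Skip vptr checks for every class whose name matches the glob. The match is
# made against a mangled name, so keep wildcards on both sides.
type:*ExamplePlaceholderType*
# Skip vptr checks for all code compiled from a source subtree.
src:*/third_party/example_placeholder_library/*
# Skip vptr checks inside one function (again a glob on the mangled name).
fun:*ExamplePlaceholderFunction*
```

The list is handed to clang together with the check it filters, e.g. `-fsanitize=vptr -fsanitize-blacklist=path/to/list.txt` (later clang releases renamed the flag `-fsanitize-ignorelist=`). An entry silences the report rather than the underlying condition, so a suppression is only appropriate once the report has been shown to be a false positive, as the commenters established here by tracing it to the `[[clang::lto_visibility_public]]` change rather than to a real type confusion; a suppression broad enough to cover a whole subtree also hides any genuine vptr violation that later appears there.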

May 23 2017

abdulsyed@, since this is a benign false positive in UBSan, I don't think this is a release blocker and won't need merging to the M59 branch. So I've removed the blocker label and lowered the priority. Feel free to put them back if you think it's worth merging anyway.

May 23 2017

May 23 2017

Comment 1 by aarya@google.com, May 15 2017

Labels: M-59 Pri-1
Owner: capn@chromium.org
Status: Assigned (was: Untriaged)