New issue
Advanced search Search tips

Issue 727382 link

Starred by 1 user
Status: Verified
Owner:
piman@chromium.org
Closed: Jun 2017
Cc:
dsinclair@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug



Sign in to add a comment

CHECK failure: client_id in texture_manager.cc

Project Member Reported by ClusterFuzz, May 29 2017 
Detailed report: https://clusterfuzz.com/testcase?key=6569187127590912

Fuzzer: libfuzzer_gpu_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  client_id in texture_manager.cc
  base::debug::DebugBreak
  gpu::gles2::TextureManager::Consume
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=469306:469316

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6569187127590912


Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

Comment 1 by piman@chromium.org, Jun 1 2017

Components: Internals>GPU>Internals
Owner: piman@chromium.org

Comment 2 by enne@chromium.org, Jun 2 2017

Status: Assigned (was: Untriaged)

Comment 3 by piman@chromium.org, Jun 2 2017

Status: Started (was: Assigned)
https://chromium-review.googlesource.com/c/522991/
Project Member

Comment 4 by bugdroid1@chromium.org, Jun 3 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/5385b749d156545976d1eff91475fb521e524b2c

commit 5385b749d156545976d1eff91475fb521e524b2c
Author: Antoine Labour <piman@chromium.org>
Date: Sat Jun 03 16:14:59 2017

Disallow 0 client_id in CreateAndConsumeTextureINTERNAL

The client should never send 0, this makes it consistent with how we
reject 0 in GenTextures.

Bug:  727382 
Cq-Include-Trybots: master.tryserver.chromium.android:android_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel
Change-Id: Ic50f4f9ef8bf4a33cf074e654a324d19a15ab01d
Reviewed-on: https://chromium-review.googlesource.com/522991
Reviewed-by: Victor Miura <vmiura@chromium.org>
Commit-Queue: Antoine Labour <piman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#476898}
[modify] https://crrev.com/5385b749d156545976d1eff91475fb521e524b2c/gpu/command_buffer/service/gles2_cmd_decoder.cc
[modify] https://crrev.com/5385b749d156545976d1eff91475fb521e524b2c/gpu/command_buffer/service/gles2_cmd_decoder_passthrough_doers.cc
[modify] https://crrev.com/5385b749d156545976d1eff91475fb521e524b2c/gpu/command_buffer/service/gles2_cmd_decoder_unittest_textures.cc
Project Member

Comment 5 by ClusterFuzz, Jun 4 2017 

ClusterFuzz has detected this issue as fixed in range 476897:476898.

Detailed report: https://clusterfuzz.com/testcase?key=6569187127590912

Fuzzer: libFuzzer_gpu_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  client_id in texture_manager.cc
  base::debug::DebugBreak
  gpu::gles2::TextureManager::Consume
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=469306:469316
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=476897:476898

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6569187127590912


See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 6 by ClusterFuzz, Jun 4 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Started)
ClusterFuzz testcase 6569187127590912 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Sign in to add a comment