
Issue 765965

Starred by 2 users

Issue metadata

Status: Duplicate
Merged: issue 735497
Owner:
Email to this user bounced
Closed: Nov 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Mac
Pri: 1
Type: Bug




Out-of-memory in angle_translator_fuzzer

Reported by ClusterFuzz (Project Member), Sep 17 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6254628206542848

Fuzzer: libFuzzer_angle_translator_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Out-of-memory (exceeds 2048 MB)
Crash Address: 
Crash State:
  angle_translator_fuzzer
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=497212:497274

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6254628206542848

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

Status: WontFix (was: Untriaged)
Marking the issue as WontFix as this is an Out-of-Memory issue.
Thank You.
Comment 2 by ClusterFuzz (Project Member), Sep 19 2017

Labels: OS-Mac
Comment 3 by ClusterFuzz (Project Member), Sep 25 2017

Labels: Needs-Feedback
ClusterFuzz testcase 6254628206542848 is still reproducing on tip-of-tree build (trunk).

If this testcase was not reproducible locally or unworkable, ignore this notification and we will file another bug soon with hopefully a better and workable testcase.

Otherwise, if this is not intended to be fixed (e.g. this is an intentional crash), please add ClusterFuzz-Ignore label to prevent future bug filing with similar crash stacktrace.

Comment 4 by mmoroz@chromium.org, Sep 30 2017

Status: Unconfirmed (was: WontFix)
Cc: msrchandra@chromium.org pnangunoori@chromium.org
Components: Internals>GPU>ANGLE
Labels: M-63 Test-Predator-Correct
Owner: oetu...@nvidia.com
Status: Assigned (was: Unconfirmed)
Test Predator has given the following results:

Add support for arrays of arrays in AST processing by oetuaho@nvidia.com
Changelist touched lines near the crashed line in frame #7 sh::(anonymous namespace)::CreateZeroInitAssignment(sh::TIntermTyped const*) (distance = 0 lines away)
Top touched frame is #3 sh::TIntermBinary::TIntermBinary(in IntermNode.cpp)
Changed files CollectVariables.cpp, Initialize.cpp, InitializeVariables.cpp, IntermNode.cpp, IntermNode.h, IntermNode_util.cpp, OutputGLSLBase.cpp, OutputHLSL.cpp, OutputHLSL.h, ParseContext.cpp, ParseContext.h, StructureHLSL.cpp, Types.cpp, Types.h, UniformHLSL.cpp, ValidateOutputs.cpp, util.cpp, util.h, with the same CrashedDirectory(src/compiler/translator) as InitializeVariables.cpp (in frame#8, frame#7), IntermNode.cpp (in frame#3, frame#5), IntermNode.h (in frame#4, frame#6)
Touched files in stacktrace - IntermNode.h, IntermNode.cpp, InitializeVariables.cpp

@oetuaho -- Could you please look into this issue, kindly reassign if it has nothing to do with your changes.

Thank You.
Cc: cwallez@chromium.org jmad...@chromium.org
CC'd reviewer.

Comment 7 by mmoroz@chromium.org, Oct 24 2017

For more information, please see https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md.

The link referenced in the description is no longer valid.

Comment 8 by oetu...@nvidia.com, Nov 1 2017

Mergedinto: 735497
Status: Duplicate (was: Assigned)
This has the same underlying cause as bug 735497.
