Use-of-uninitialized-value in gpu::gles2::ScopedPixelUnpackBufferOverride::ScopedPixelUnpackBufferOverride
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4871313075470336
Fuzzer: libFuzzer_gpu_angle_passthrough_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux
Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  gpu::gles2::ScopedPixelUnpackBufferOverride::ScopedPixelUnpackBufferOverride
  gpu::gles2::FeatureInfo::InitializeFeatures
  gpu::gles2::FeatureInfo::Initialize
Sanitizer: memory (MSAN)
Recommended Security Severity: Medium
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=458079:458169
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4871313075470336

Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Oct 12 2017
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/6019ce8862dbf9acbc4b2a6b42849657002f3b41 (Implement debug marker entry points in the passthrough command buffer.). If this is incorrect, please remove the owner and apply the Test-Predator-Wrong-CLs label.
Oct 17 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/ad8c76a089eadde11bc0dc74f979aac06a597acf

commit ad8c76a089eadde11bc0dc74f979aac06a597acf
Author: Geoff Lang <geofflang@chromium.org>
Date: Tue Oct 17 20:14:08 2017

Initialize orig_binding in ScopedPixelUnpackBufferOverride.

Caught by the fuzzer which can't guarantee that orig_binding will be written to.

BUG= 773952
Cq-Include-Trybots: master.tryserver.chromium.android:android_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel
Change-Id: Ib3283bec5c7177eab6a3721f8a9f576d783968f4
Reviewed-on: https://chromium-review.googlesource.com/723759
Reviewed-by: Zhenyao Mo <zmo@chromium.org>
Commit-Queue: Geoff Lang <geofflang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#509501}

[modify] https://crrev.com/ad8c76a089eadde11bc0dc74f979aac06a597acf/gpu/command_buffer/service/feature_info.cc
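The defect the commit above fixes, as an added example that is not Chromium's code: FakeGL is a constructed stand-in for the two GL entry points, with a flag modelling a context that never answers the GL_PIXEL_UNPACK_BUFFER_BINDING query, and the scoped class is a reconstruction in the shape of the one in the crash state, with the local initialised as the fix does so the restore in the destructor is always defined. BindingAfterOverride is a hypothetical helper for exercising it.

```cpp
// Constructed stand-in for the GL entry points the real class calls. Like a
// real driver, glGetIntegerv does not write *params for a query it rejects.
typedef unsigned int GLenum, GLuint; typedef int GLint;
static const GLenum GL_PIXEL_UNPACK_BUFFER = 0x88EC;
static const GLenum GL_PIXEL_UNPACK_BUFFER_BINDING = 0x88EF;

struct FakeGL {
  bool answers_binding_query;  // false models the fuzzer's passthrough context
  GLuint pixel_unpack_binding;
  void glGetIntegerv(GLenum pname, GLint* params) {
    if (answers_binding_query && pname == GL_PIXEL_UNPACK_BUFFER_BINDING)
      *params = static_cast<GLint>(pixel_unpack_binding);
    // Rejected query: *params is left exactly as the caller passed it in.
  }
  void glBindBuffer(GLenum target, GLuint buffer) {
    if (target == GL_PIXEL_UNPACK_BUFFER) pixel_unpack_binding = buffer;
  }
};

// RAII override of the pixel unpack buffer binding, restored on scope exit.
class ScopedPixelUnpackBufferOverride {
 public:
  ScopedPixelUnpackBufferOverride(FakeGL* gl, bool has_pixel_buffers,
                                  GLuint binding_override)
      : gl_(gl), has_pixel_buffers_(has_pixel_buffers), orig_binding_(0) {
    if (has_pixel_buffers_) {
      // The fix: give the local a value before the query. Without it, an
      // unanswered query leaves it uninitialised and the destructor binds it.
      GLint orig_binding = 0;
      gl_->glGetIntegerv(GL_PIXEL_UNPACK_BUFFER_BINDING, &orig_binding);
      orig_binding_ = static_cast<GLuint>(orig_binding);
      gl_->glBindBuffer(GL_PIXEL_UNPACK_BUFFER, binding_override);
    }
  }
  ~ScopedPixelUnpackBufferOverride() {
    if (has_pixel_buffers_) gl_->glBindBuffer(GL_PIXEL_UNPACK_BUFFER, orig_binding_);
  }
 private:
  FakeGL* gl_;
  bool has_pixel_buffers_;
  GLuint orig_binding_;
};

// Applies an override inside a scope and returns the binding left behind.
GLuint BindingAfterOverride(bool answers, GLuint initial, GLuint override_id) {
  FakeGL gl{answers, initial};
  { ScopedPixelUnpackBufferOverride o(&gl, true, override_id); }
  return gl.pixel_unpack_binding;
}
```

With a context that answers the query the original binding comes back; with one that does not, the binding is reset to 0 rather than to whatever was on the stack, which is what the initialiser buys.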
Oct 18 2017
ClusterFuzz has detected this issue as fixed in range 509426:509655.

Detailed report: https://clusterfuzz.com/testcase?key=4871313075470336
Fuzzer: libFuzzer_gpu_angle_passthrough_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux
Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  gpu::gles2::ScopedPixelUnpackBufferOverride::ScopedPixelUnpackBufferOverride
  gpu::gles2::FeatureInfo::InitializeFeatures
  gpu::gles2::FeatureInfo::Initialize
Sanitizer: memory (MSAN)
Recommended Security Severity: Medium
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=458079:458169
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=509426:509655
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4871313075470336

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Oct 18 2017
ClusterFuzz testcase 4871313075470336 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Jan 24 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by ClusterFuzz, Oct 12 2017. Labels: Test-Predator-AutoComponents