Integer-overflow in pp::Input::read
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6425274353975296

Fuzzer: libFuzzer_angle_translator_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address:
Crash State:
  pp::Input::read
  yy_get_next_buffer
  pplex

Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=423338:423416

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6425274353975296

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Oct 16 2017
Oct 17 2017
Removing "CF-NeedsTriage" since it has been assigned to the right component.
Oct 20 2017
Appears to be a crash in Angle (with the Angle fuzzer). geofflang@, can you take a look? Thanks!
Oct 20 2017
Oct 24 2017
For more information, please see https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md. The link referenced in the description is no longer valid.
Oct 30 2017
Corentin, want to triage this?
Nov 1 2017
The following revision refers to this bug: https://chromium.googlesource.com/angle/angle/+/d78e33a8da3130f424a10c6053dad05a010beb6e

commit d78e33a8da3130f424a10c6053dad05a010beb6e
Author: Corentin Wallez <cwallez@chromium.org>
Date: Wed Nov 01 17:01:08 2017

preprocessor: Fix lineno overflow on line continuations

BUG=chromium:774807

Change-Id: I4b3fbee31683f411810080572cfff0f8307b93bf
Reviewed-on: https://chromium-review.googlesource.com/744183
Commit-Queue: Corentin Wallez <cwallez@chromium.org>
Reviewed-by: Geoff Lang <geofflang@chromium.org>

[modify] https://crrev.com/d78e33a8da3130f424a10c6053dad05a010beb6e/src/compiler/preprocessor/Tokenizer.cpp
[modify] https://crrev.com/d78e33a8da3130f424a10c6053dad05a010beb6e/src/tests/preprocessor_tests/location_test.cpp
[modify] https://crrev.com/d78e33a8da3130f424a10c6053dad05a010beb6e/src/compiler/preprocessor/DiagnosticsBase.cpp
[modify] https://crrev.com/d78e33a8da3130f424a10c6053dad05a010beb6e/src/compiler/preprocessor/Tokenizer.l
[modify] https://crrev.com/d78e33a8da3130f424a10c6053dad05a010beb6e/src/compiler/preprocessor/Input.cpp
Nov 1 2017
The following revision refers to this bug: https://skia.googlesource.com/skia/+/407750ffd84fac63d70793b0d485a84facd2987b

commit 407750ffd84fac63d70793b0d485a84facd2987b
Author: angle-deps-roller@chromium.org <angle-deps-roller@chromium.org>
Date: Wed Nov 01 17:59:10 2017

Roll skia/third_party/externals/angle2/ 63458a3ed..4751aabb7 (3 commits)

https://chromium.googlesource.com/angle/angle.git/+log/63458a3ed819..4751aabb7614

$ git log 63458a3ed..4751aabb7 --date=short --no-merges --format='%ad %ae %s'
2017-10-30 geofflang Fix minor issues with ANGLE_texture_rectangle.
2017-10-30 cwallez preprocessor: Fix lineno overflow on line continuations
2017-11-01 geofflang Revert BGRA renderability change for ES drivers.

Created with:
  roll-dep skia/third_party/externals/angle2

BUG=774807,779346

The AutoRoll server is located here: https://angle-skia-roll.skia.org
Documentation for the AutoRoller is here: https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, please contact the current sheriff, who should be CC'd on the roll, and stop the roller if necessary.

CQ_INCLUDE_TRYBOTS=skia.primary:Perf-Win10-Clang-AlphaR2-GPU-RadeonR9M470X-x86_64-Debug-All-ANGLE,Perf-Win10-MSVC-Golo-GPU-QuadroP400-x86_64-Debug-All-ANGLE,Perf-Win10-Clang-NUC5i7RYH-GPU-IntelIris6100-x86_64-Debug-All-ANGLE,Perf-Win10-Clang-NUC6i5SYK-GPU-IntelIris540-x86_64-Debug-All-ANGLE,Perf-Win10-Clang-NUCD34010WYKH-GPU-IntelHD4400-x86_64-Debug-All-ANGLE,Perf-Win10-Clang-ShuttleC-GPU-GTX960-x86_64-Debug-All-ANGLE,Test-Win10-Clang-AlphaR2-GPU-RadeonR9M470X-x86_64-Debug-All-ANGLE,Test-Win10-MSVC-Golo-GPU-QuadroP400-x86_64-Debug-All-ANGLE,Test-Win10-Clang-NUC5i7RYH-GPU-IntelIris6100-x86_64-Debug-All-ANGLE,Test-Win10-Clang-NUC6i5SYK-GPU-IntelIris540-x86_64-Debug-All-ANGLE,Test-Win10-Clang-NUCD34010WYKH-GPU-IntelHD4400-x86_64-Debug-All-ANGLE,Test-Win10-Clang-ShuttleC-GPU-GTX960-x86_64-Debug-All-ANGLE,Build-Debian9-GCC-x86_64-Release-ANGLE
TBR=stani@google.com

Change-Id: If9875dc915b6e4db290bf706869a94ef65fc7597
Reviewed-on: https://skia-review.googlesource.com/66283
Commit-Queue: angle-deps-roller . <angle-deps-roller@chromium.org>
Reviewed-by: angle-deps-roller . <angle-deps-roller@chromium.org>

[modify] https://crrev.com/407750ffd84fac63d70793b0d485a84facd2987b/DEPS
Nov 1 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/c2ef14a3402ecfd9b9331bdd2748bc3a559d2227

commit c2ef14a3402ecfd9b9331bdd2748bc3a559d2227
Author: skia-deps-roller@chromium.org <skia-deps-roller@chromium.org>
Date: Wed Nov 01 19:52:15 2017

Roll src/third_party/skia/ 206bda5b7..d29e0da35 (10 commits)

https://skia.googlesource.com/skia.git/+log/206bda5b7931..d29e0da3523e

$ git log 206bda5b7..d29e0da35 --date=short --no-merges --format='%ad %ae %s'
2017-11-01 csmartdalton Fold analytic clip FPs into GrReducedClip
2017-11-01 angle-deps-roller Roll skia/third_party/externals/angle2/ 63458a3ed..4751aabb7 (3 commits)
2017-11-01 bungeman Directly use SkScalerContextRec.
2017-11-01 fmalita Gradient cleanup pass
2017-11-01 brianosman Add testcase for gbr config running on GTX1070 bots to test.py
2017-11-01 angle-deps-roller Roll skia/third_party/externals/angle2/ 206a58d1f..63458a3ed (1 commit)
2017-11-01 csmartdalton Revert "Fold analytic clip FPs into GrReducedClip"
2017-10-31 csmartdalton Fold analytic clip FPs into GrReducedClip
2017-11-01 brianosman Test SkColorSpaceXformCanvas on GTX1070 bots
2017-11-01 mtklein consolidate SkSRGB functions, and remove unused

Created with:
  roll-dep src/third_party/skia

BUG=774807,779346

The AutoRoll server is located here: https://autoroll.skia.org
Documentation for the AutoRoller is here: https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, please contact the current sheriff, who should be CC'd on the roll, and stop the roller if necessary.

CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel;master.tryserver.chromium.android:android_optional_gpu_tests_rel
TBR=stani@chromium.org

Change-Id: I4acba3e45376fc7007bd455124260045960e9aa3
Reviewed-on: https://chromium-review.googlesource.com/749046
Reviewed-by: Skia Deps Roller <skia-deps-roller@chromium.org>
Commit-Queue: Skia Deps Roller <skia-deps-roller@chromium.org>
Cr-Commit-Position: refs/heads/master@{#513225}

[modify] https://crrev.com/c2ef14a3402ecfd9b9331bdd2748bc3a559d2227/DEPS
Nov 3 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/09ce14c7d3c8ef1dd4e7e32fc1ed043b703d8da9

commit 09ce14c7d3c8ef1dd4e7e32fc1ed043b703d8da9
Author: angle-deps-roller@chromium.org <angle-deps-roller@chromium.org>
Date: Fri Nov 03 05:32:24 2017

Roll src/third_party/angle/ 63458a3ed..7b62cf97d (24 commits)

https://chromium.googlesource.com/angle/angle.git/+log/63458a3ed819..7b62cf97d12b

$ git log 63458a3ed..7b62cf97d --date=short --no-merges --format='%ad %ae %s'
2017-11-02 jmadill Refactor TextureFormatMap to store an array.
2017-11-02 jmadill Add missing reset to GL multi-view dirty bits.
2017-11-02 jmadill Use active textures mask with robust init.
2017-11-02 jmadill Vulkan: Refactor format table.
2017-11-02 oetuaho Remove repeated "success" check from compileTreeImpl
2017-10-27 jie.a.chen ES31 program query: support AtomicCounterBuffer and UniformBlock
2017-11-02 jmadill Add a meta-script to run code generators.
2017-10-27 geofflang Pass offsets to base validation for CompressedSubTexImage3D.
2017-10-28 jmadill Vulkan: Add vk::GetImpl helper.
2017-10-28 jmadill Vulkan: Allow in-flight Framebuffer changes.
2017-11-02 oetuaho Add missing check in Compiler
2017-11-01 jie.a.chen Refactor StaticallyUsed
2017-09-27 geofflang Make GL_OES_get_program_binary enableable.
2017-10-27 ynovikov Run angle_perftests on GLES backend
2017-10-28 jmadill Vulkan: Fix deleting in-use Framebuffer.
2017-10-30 geofflang Make compressed texture format extensions enableable.
2017-11-01 jmadill Vulkan: Support Texture redefinition.
2017-10-30 geofflang Make ANGLE_texture_usage enableable.
2017-10-28 jmadill Vulkan: Fix re-creating buffer storage.
2017-10-28 jmadill Introduce SimpleStateChangeTests.
2017-10-28 jmadill Remove WrappedObject::retain.
2017-10-30 geofflang Fix minor issues with ANGLE_texture_rectangle.
2017-10-30 cwallez preprocessor: Fix lineno overflow on line continuations
2017-11-01 geofflang Revert BGRA renderability change for ES drivers.

Created with:
  roll-dep src/third_party/angle

BUG=780545,675997,774807,779346

The AutoRoll server is located here: https://angle-chromium-roll.skia.org
Documentation for the AutoRoller is here: https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, please contact the current sheriff, who should be CC'd on the roll, and stop the roller if necessary.

CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.android:android_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel
TBR=cwallez@chromium.org

Change-Id: Ic633a311ad465c126e473a2c38704b034c7e799d
Reviewed-on: https://chromium-review.googlesource.com/752511
Reviewed-by: angle-deps-roller . <angle-deps-roller@chromium.org>
Commit-Queue: angle-deps-roller . <angle-deps-roller@chromium.org>
Cr-Commit-Position: refs/heads/master@{#513699}

[modify] https://crrev.com/09ce14c7d3c8ef1dd4e7e32fc1ed043b703d8da9/DEPS
Nov 4 2017
ClusterFuzz has detected this issue as fixed in range 513694:513713.

Detailed report: https://clusterfuzz.com/testcase?key=6425274353975296

Fuzzer: libFuzzer_angle_translator_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address:
Crash State:
  pp::Input::read
  yy_get_next_buffer
  pplex

Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=423338:423416
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=513694:513713

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6425274353975296

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Nov 4 2017
ClusterFuzz testcase 6425274353975296 is verified as fixed, so closing issue as verified. If this is incorrect, please add the ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by kkaluri@chromium.org, Oct 16 2017
Components: UI>Input Blink>Input
Labels: M-62 Test-Predator-Wrong CF-NeedsTriage