New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 781505 link

Starred by 1 user

Issue metadata

Status: Verified
Owner:
Closed: Dec 2017
Cc:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug



Sign in to add a comment

Integer-overflow in ppparse

Project Member Reported by ClusterFuzz, Nov 4 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5370899007275008

Fuzzer: libFuzzer_swiftshader_vertex_routine_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  ppparse
  pp::ExpressionParser::parse
  pp::DirectiveParser::parseExpressionIf
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=512576:512620

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5370899007275008

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
 
Cc: msrchandra@chromium.org pnangunoori@chromium.org
Labels: M-64 Test-Predator-Wrong
Owner: oetu...@nvidia.com
Status: Assigned (was: Untriaged)
As per the  Issue 743136  and  Issue 652223  owner, assigning this issue to @oetuaho.
@oetuaho-- Could you please look into this issue, kindly reassign if it has nothing to do with your changes.
Thanks.

Comment 2 by oetu...@nvidia.com, Nov 7 2017

Owner: capn@chromium.org
This issue is not in ANGLE, but in similar code in SwiftShader. Assigning capn.

Comment 3 by capn@chromium.org, Nov 7 2017

Cc: sugoi@chromium.org
Thanks, we'll take a look in due time.

pnagunoori@, any issues found by the libFuzzer_swiftshader_vertex_routine_fuzzer can be assigned to the SwiftShader team, being me and sugoi@. Thanks.
@capn -- Sure. Thanks for the update.
Project Member

Comment 5 by ClusterFuzz, Dec 5 2017

ClusterFuzz has detected this issue as fixed in range 521492:521536.

Detailed report: https://clusterfuzz.com/testcase?key=5370899007275008

Fuzzer: libFuzzer_swiftshader_vertex_routine_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  ppparse
  pp::ExpressionParser::parse
  pp::DirectiveParser::parseExpressionIf
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=512576:512620
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=521492:521536

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5370899007275008

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 6 by ClusterFuzz, Dec 5 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 5370899007275008 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Sign in to add a comment