ASSERT: safeIndex >= 0
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6547054888484864

Fuzzer: libFuzzer_angle_translator_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: ASSERT
Crash Address:
Crash State:
  safeIndex >= 0
  sh::TParseContext::addIndexExpression
  yyparse

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=511958:511989

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6547054888484864

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Comment, Nov 7 2017
The following revision refers to this bug:
https://chromium.googlesource.com/angle/angle/+/ef7fb38861f980c6deb7a5ed37286305e9cbcb01

commit ef7fb38861f980c6deb7a5ed37286305e9cbcb01
Author: Olli Etuaho <oetuaho@nvidia.com>
Date: Tue Nov 07 19:51:45 2017

Size const unsized arrays without an initializer

The array size for unsized arrays needs to be sanitized in all cases, since subsequent checks on array indexing depend on all arrays being sized.

BUG= chromium:781729
TEST=angle_unittests

Change-Id: I3af6c08bb249a19f7c2ef169c877a2b863eb31d3
Reviewed-on: https://chromium-review.googlesource.com/757101
Commit-Queue: Olli Etuaho <oetuaho@nvidia.com>
Reviewed-by: Corentin Wallez <cwallez@chromium.org>
Reviewed-by: Jamie Madill <jmadill@chromium.org>

[modify] https://crrev.com/ef7fb38861f980c6deb7a5ed37286305e9cbcb01/src/compiler/translator/ParseContext.cpp
[modify] https://crrev.com/ef7fb38861f980c6deb7a5ed37286305e9cbcb01/src/tests/compiler_tests/ShaderValidation_test.cpp
Comment, Nov 7 2017
The following revision refers to this bug:
https://skia.googlesource.com/skia/+/cbba29ed4764b9a9da58710aed18aec6f3bd0ce0

commit cbba29ed4764b9a9da58710aed18aec6f3bd0ce0
Author: angle-deps-roller@chromium.org <angle-deps-roller@chromium.org>
Date: Tue Nov 07 21:20:14 2017

Roll skia/third_party/externals/angle2/ fb05264b5..7af0de52d (3 commits)

https://chromium.googlesource.com/angle/angle.git/+log/fb05264b5b0c..7af0de52d12f

$ git log fb05264b5..7af0de52d --date=short --no-merges --format='%ad %ae %s'
2017-11-06 jmadill Rename UniformLinker.cpp/h to ProgramLinkedResources.
2017-11-07 oetuaho Size const unsized arrays without an initializer
2017-10-27 oetuaho Only store innermost array offset in VariableLocation

Created with:
  roll-dep skia/third_party/externals/angle2

BUG= 781729

The AutoRoll server is located here: https://angle-skia-roll.skia.org

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, please contact the current sheriff, who should be CC'd on the roll, and stop the roller if necessary.

CQ_INCLUDE_TRYBOTS=skia.primary:Perf-Win10-Clang-AlphaR2-GPU-RadeonR9M470X-x86_64-Debug-All-ANGLE,Perf-Win10-MSVC-Golo-GPU-QuadroP400-x86_64-Debug-All-ANGLE,Perf-Win10-Clang-NUC5i7RYH-GPU-IntelIris6100-x86_64-Debug-All-ANGLE,Perf-Win10-Clang-NUC6i5SYK-GPU-IntelIris540-x86_64-Debug-All-ANGLE,Perf-Win10-Clang-NUCD34010WYKH-GPU-IntelHD4400-x86_64-Debug-All-ANGLE,Perf-Win10-Clang-ShuttleC-GPU-GTX960-x86_64-Debug-All-ANGLE,Test-Win10-Clang-AlphaR2-GPU-RadeonR9M470X-x86_64-Debug-All-ANGLE,Test-Win10-MSVC-Golo-GPU-QuadroP400-x86_64-Debug-All-ANGLE,Test-Win10-Clang-NUC5i7RYH-GPU-IntelIris6100-x86_64-Debug-All-ANGLE,Test-Win10-Clang-NUC6i5SYK-GPU-IntelIris540-x86_64-Debug-All-ANGLE,Test-Win10-Clang-NUCD34010WYKH-GPU-IntelHD4400-x86_64-Debug-All-ANGLE,Test-Win10-Clang-ShuttleC-GPU-GTX960-x86_64-Debug-All-ANGLE,Build-Debian9-GCC-x86_64-Release-ANGLE

TBR=egdaniel@google.com

Change-Id: I3230dc7d9a243e133164b69c9763e0f12cd9a242
Reviewed-on: https://skia-review.googlesource.com/68421
Reviewed-by: angle-deps-roller . <angle-deps-roller@chromium.org>
Commit-Queue: angle-deps-roller . <angle-deps-roller@chromium.org>

[modify] https://crrev.com/cbba29ed4764b9a9da58710aed18aec6f3bd0ce0/DEPS
Comment, Nov 7 2017
Comment, Nov 9 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/53e403100ccac10b70cf1096db35bcbfa1554a2e

commit 53e403100ccac10b70cf1096db35bcbfa1554a2e
Author: angle-deps-roller@chromium.org <angle-deps-roller@chromium.org>
Date: Thu Nov 09 17:30:37 2017

Roll src/third_party/angle/ d80f2944c..70b715c9b (14 commits)

https://chromium.googlesource.com/angle/angle.git/+log/d80f2944cf13..70b715c9b8bc

$ git log d80f2944c..70b715c9b --date=short --no-merges --format='%ad %ae %s'
2017-11-07 yunchao.he ES31: Add test for DispatchCompute with rendering program
2017-11-03 jiawei.shao Skip hasMappedBuffer check in draw validations in WebGL contexts
2017-10-26 jiawei.shao ES31: Support EXT_geometry_shader in GLSL compiler
2017-10-31 jgilbert KHR_create_context with GLES forbids _KHR reset notification enum.
2017-11-07 jmadill Move LazyResource::resolveImpl to the cpp.
2017-11-08 jmadill Link interface blocks in ProgramImpl::link.
2017-10-31 jgilbert attachmentsHaveSameDimensions should not compare depths.
2017-10-30 cwallez Split pixelBuffer from pack/unpack state
2017-11-06 cwallez Add back dirty bits for pack / unpack buffer binding
2017-11-06 jmadill Rename UniformLinker.cpp/h to ProgramLinkedResources.
2017-11-07 oetuaho Size const unsized arrays without an initializer
2017-10-27 oetuaho Only store innermost array offset in VariableLocation
2017-10-24 geofflang Disallow null pixel data for TexSubImage that have non-zero size.
2017-11-07 jmadill Pass InterfaceBlockLinker to ProgramImpl::link.

Created with:
  roll-dep src/third_party/angle

BUG= 781729

The AutoRoll server is located here: https://angle-chromium-roll.skia.org

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, please contact the current sheriff, who should be CC'd on the roll, and stop the roller if necessary.

CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.android:android_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel

TBR=geofflang@chromium.org

Change-Id: I895af7e8c73982e88413866985c1ca9649d585ae
Reviewed-on: https://chromium-review.googlesource.com/760656
Reviewed-by: angle-deps-roller . <angle-deps-roller@chromium.org>
Commit-Queue: angle-deps-roller . <angle-deps-roller@chromium.org>
Cr-Commit-Position: refs/heads/master@{#515198}

[modify] https://crrev.com/53e403100ccac10b70cf1096db35bcbfa1554a2e/DEPS
Comment, Nov 10 2017
ClusterFuzz has detected this issue as fixed in range 515179:515198.

Detailed report: https://clusterfuzz.com/testcase?key=6547054888484864

Fuzzer: libFuzzer_angle_translator_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: ASSERT
Crash Address:
Crash State:
  safeIndex >= 0
  sh::TParseContext::addIndexExpression
  yyparse

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=511958:511989
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=515179:515198

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6547054888484864

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment, Nov 10 2017
Comment, Nov 10 2017
ClusterFuzz testcase 6547054888484864 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Nov 6 2017
Owner: oetu...@nvidia.com
Status: Assigned (was: Untriaged)