Null-dereference READ in yyparse

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5737692972449792

Fuzzer: libFuzzer_angle_translator_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  yyparse
  sh::PaParseStrings
  sh::TCompiler::compileTreeImpl

Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=514567:514605

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5737692972449792

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Nov 13 2017

The following revision refers to this bug:
https://chromium.googlesource.com/angle/angle/+/7af63727f0582dd3a5d563c561dd86161e6105a9

commit 7af63727f0582dd3a5d563c561dd86161e6105a9
Author: Olli Etuaho <oetuaho@nvidia.com>
Date: Mon Nov 13 14:07:40 2017

Fix nullptr dereference on struct parameter error

Function parameter name string does not necessarily exist, so it's better to use the function name as the token in the error message.

BUG= chromium:784158
TEST=angle_unittests

Change-Id: I8f3b8604fd702bdc9486b8d721a5f60de1ff3fa7
Reviewed-on: https://chromium-review.googlesource.com/765972
Reviewed-by: Jamie Madill <jmadill@chromium.org>
Commit-Queue: Olli Etuaho <oetuaho@nvidia.com>

[modify] https://crrev.com/7af63727f0582dd3a5d563c561dd86161e6105a9/src/compiler/translator/ParseContext.cpp
[modify] https://crrev.com/7af63727f0582dd3a5d563c561dd86161e6105a9/src/tests/compiler_tests/ShaderValidation_test.cpp
Nov 13 2017

The following revision refers to this bug:
https://skia.googlesource.com/skia/+/1ff420653d72b1ba9a0621f09316febe2d82f86d

commit 1ff420653d72b1ba9a0621f09316febe2d82f86d
Author: angle-deps-roller@chromium.org <angle-deps-roller@chromium.org>
Date: Mon Nov 13 15:47:21 2017

Roll skia/third_party/externals/angle2/ 197445296..7af63727f (2 commits)

https://chromium.googlesource.com/angle/angle.git/+log/1974452966bb..7af63727f058

$ git log 197445296..7af63727f --date=short --no-merges --format='%ad %ae %s'
2017-11-13 oetuaho Fix nullptr dereference on struct parameter error
2017-11-13 oetuaho Fix MSVS 2015 warnings

Created with:
  roll-dep skia/third_party/externals/angle2
BUG= 784158

The AutoRoll server is located here: https://angle-skia-roll.skia.org

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, please contact the current sheriff, who should be CC'd on the roll, and stop the roller if necessary.

CQ_INCLUDE_TRYBOTS=skia.primary:Perf-Win10-Clang-AlphaR2-GPU-RadeonR9M470X-x86_64-Debug-All-ANGLE,Perf-Win10-MSVC-Golo-GPU-QuadroP400-x86_64-Debug-All-ANGLE,Perf-Win10-Clang-NUC5i7RYH-GPU-IntelIris6100-x86_64-Debug-All-ANGLE,Perf-Win10-Clang-NUC6i5SYK-GPU-IntelIris540-x86_64-Debug-All-ANGLE,Perf-Win10-Clang-NUCD34010WYKH-GPU-IntelHD4400-x86_64-Debug-All-ANGLE,Perf-Win10-Clang-ShuttleC-GPU-GTX960-x86_64-Debug-All-ANGLE,Test-Win10-Clang-AlphaR2-GPU-RadeonR9M470X-x86_64-Debug-All-ANGLE,Test-Win10-MSVC-Golo-GPU-QuadroP400-x86_64-Debug-All-ANGLE,Test-Win10-Clang-NUC5i7RYH-GPU-IntelIris6100-x86_64-Debug-All-ANGLE,Test-Win10-Clang-NUC6i5SYK-GPU-IntelIris540-x86_64-Debug-All-ANGLE,Test-Win10-Clang-NUCD34010WYKH-GPU-IntelHD4400-x86_64-Debug-All-ANGLE,Test-Win10-Clang-ShuttleC-GPU-GTX960-x86_64-Debug-All-ANGLE,Build-Debian9-GCC-x86_64-Release-ANGLE
TBR=brianosman@google.com

Change-Id: Ib6e2caee0ae13087fdddce5f6341bab3d8c2100a
Reviewed-on: https://skia-review.googlesource.com/70563
Reviewed-by: angle-deps-roller . <angle-deps-roller@chromium.org>
Commit-Queue: angle-deps-roller . <angle-deps-roller@chromium.org>

[modify] https://crrev.com/1ff420653d72b1ba9a0621f09316febe2d82f86d/DEPS
Nov 13 2017

The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/e6eb32fc22a8ba0bc2765e38a5b5678855d86744

commit e6eb32fc22a8ba0bc2765e38a5b5678855d86744
Author: skia-deps-roller@chromium.org <skia-deps-roller@chromium.org>
Date: Mon Nov 13 19:26:29 2017

Roll src/third_party/skia/ 8d5ce2d9e..b251b72d3 (7 commits)

https://skia.googlesource.com/skia.git/+log/8d5ce2d9ede0..b251b72d3d91

$ git log 8d5ce2d9e..b251b72d3 --date=short --no-merges --format='%ad %ae %s'
2017-11-13 mtklein add platform_font_manager()
2017-11-13 bungeman Extract Android FontMgr part of Typeface test.
2017-11-13 bsalomon Drop support for OSMesa in test tools and remove build bot
2017-11-13 angle-deps-roller Roll skia/third_party/externals/angle2/ 197445296..7af63727f (2 commits)
2017-11-13 angle-deps-roller Roll skia/third_party/externals/angle2/ 703671e9f..197445296 (1 commit)
2017-11-10 ethannicholas sksl enum support
2017-11-13 robertphillips Revert "Patch up ref counting of proxies"

Created with:
  roll-dep src/third_party/skia
BUG= 784158

The AutoRoll server is located here: https://autoroll.skia.org

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, please contact the current sheriff, who should be CC'd on the roll, and stop the roller if necessary.

CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel
TBR=brianosman@chromium.org

Change-Id: I1a4968ab59bcefb054cd49051408e5f4437f26cd
Reviewed-on: https://chromium-review.googlesource.com/766849
Reviewed-by: Skia Deps Roller <skia-deps-roller@chromium.org>
Commit-Queue: Skia Deps Roller <skia-deps-roller@chromium.org>
Cr-Commit-Position: refs/heads/master@{#516000}

[modify] https://crrev.com/e6eb32fc22a8ba0bc2765e38a5b5678855d86744/DEPS
Nov 13 2017

The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/a317bd1a60e88c56570078fa73513ce91c3dc848

commit a317bd1a60e88c56570078fa73513ce91c3dc848
Author: angle-deps-roller@chromium.org <angle-deps-roller@chromium.org>
Date: Mon Nov 13 20:41:31 2017

Roll src/third_party/angle/ 197445296..7af63727f (2 commits)

https://chromium.googlesource.com/angle/angle.git/+log/1974452966bb..7af63727f058

$ git log 197445296..7af63727f --date=short --no-merges --format='%ad %ae %s'
2017-11-13 oetuaho Fix nullptr dereference on struct parameter error
2017-11-13 oetuaho Fix MSVS 2015 warnings

Created with:
  roll-dep src/third_party/angle
BUG= 784158

The AutoRoll server is located here: https://angle-chromium-roll.skia.org

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, please contact the current sheriff, who should be CC'd on the roll, and stop the roller if necessary.

CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.android:android_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel
TBR=ynovikov@chromium.org

Change-Id: I107192c15d2261899e64e715d49c3a5f9f85e68d
Reviewed-on: https://chromium-review.googlesource.com/767048
Reviewed-by: angle-deps-roller . <angle-deps-roller@chromium.org>
Commit-Queue: angle-deps-roller . <angle-deps-roller@chromium.org>
Cr-Commit-Position: refs/heads/master@{#516035}

[modify] https://crrev.com/a317bd1a60e88c56570078fa73513ce91c3dc848/DEPS
Nov 14 2017

ClusterFuzz has detected this issue as fixed in range 516008:516037.

Detailed report: https://clusterfuzz.com/testcase?key=5737692972449792

Fuzzer: libFuzzer_angle_translator_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  yyparse
  sh::PaParseStrings
  sh::TCompiler::compileTreeImpl

Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=514567:514605
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=516008:516037

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5737692972449792

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Nov 14 2017

ClusterFuzz testcase 5083374996946944 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Nov 12 2017
Owner: oetu...@nvidia.com
Status: Assigned (was: Untriaged)