
Issue 785932


Issue metadata

Status: Assigned
Owner:
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 3
Type: Bug




Integer-overflow in sw::Renderer::setupPoint

Project Member Reported by ClusterFuzz, Nov 16 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5316130750332928

Fuzzer: inferno_twister_c
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  sw::Renderer::setupPoint
  sw::Renderer::setupPoints
  sw::Renderer::executeTask
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=463855:463874

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5316130750332928

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
 
Cc: msrchandra@chromium.org sugoi@chromium.org pnangunoori@chromium.org
Labels: Test-Predator-Wrong M-63
Owner: capn@chromium.org
Status: Assigned (was: Untriaged)
@capn -- Could you please look into this issue, as the recent changes to the file 'Renderer.cpp' were made by you? Kindly reassign if it has nothing to do with your changes.

Thanks.

Comment 2 by capn@chromium.org, Dec 22 2017

Labels: -Pri-2 Pri-3
This point primitive is far outside of the viewport, so it gets clipped away, but we still compute its integer coordinates, which overflow. This is benign because we don't actually use them; they're just computed eagerly.

Could probably be fixed by moving those two lines below the CLIP_FINITE check.
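The reordering suggested in Comment 2, as an added example that is not SwiftShader's code and not part of the original issue. `Vertex`, `PointQuad`, the `clipped` flag (standing in for the CLIP_FINITE check) and the 28.4 fixed-point layout are assumptions made for illustration.

```cpp
#include <climits>
#include <cstdio>

// Hypothetical stand-ins, not SwiftShader's types: a vertex with 28.4
// fixed-point screen coordinates and the result of an earlier clip test.
struct Vertex { int X; int Y; bool clipped; };
struct PointQuad { int right; int top; };

// Eager ordering (the "before"): offsets are applied before the clip result
// is consulted. __builtin_add_overflow / __builtin_sub_overflow (GCC/Clang)
// report the wrap instead of invoking undefined behaviour, which is the
// condition UBSan flags as signed integer overflow.
bool eagerOffsetsOverflow(const Vertex &v, int halfSize16)
{
    int r, t;
    bool ox = __builtin_add_overflow(v.X, halfSize16, &r);
    bool oy = __builtin_sub_overflow(v.Y, halfSize16, &t);
    return ox || oy;
}

// Reordered (the "after"): return on the clip result first, so the integer
// arithmetic only runs for points that will actually be rasterized.
// Assumption: an unclipped point lies inside the viewport, so its
// coordinates are small enough that the offsets cannot overflow.
bool setupPoint(const Vertex &v, int halfSize16, PointQuad *out)
{
    if(v.clipped) return false;  // nothing downstream reads the coordinates
    out->right = v.X + halfSize16;
    out->top = v.Y - halfSize16;
    return true;
}

int main()
{
    // Constructed sample inputs: one point far outside the viewport, one inside.
    Vertex farAway = {INT_MAX - 3, 0, true};
    Vertex onScreen = {16 * 100, 16 * 50, false};
    PointQuad q = {0, 0};

    std::printf("eager overflow on clipped point: %d\n", eagerOffsetsOverflow(farAway, 8));
    std::printf("reordered setup on clipped point: %d\n", setupPoint(farAway, 8, &q));
    if(setupPoint(onScreen, 8, &q)) std::printf("on-screen quad: %d %d\n", q.right, q.top);
    return 0;
}
```

Building the eager form with plain `+` under `-fsanitize=signed-integer-overflow` reproduces the class of report filed here, while the reordered form never evaluates the sum for the clipped point.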
Project Member Comment 3 by ClusterFuzz, Jan 19 2018

Components: Internals>GPU>SwiftShader
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.
