Integer-overflow in sw::Renderer::setupPoint

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5316130750332928
Fuzzer: inferno_twister_c
Job Type: linux_ubsan_chrome
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  sw::Renderer::setupPoint
  sw::Renderer::setupPoints
  sw::Renderer::executeTask
Sanitizer: undefined (UBSAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=463855:463874
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5316130750332928

Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
Dec 22 2017
This point primitive is far outside of the viewport, so it gets clipped away, but we still compute its integer coordinates, which overflow. This is benign because we don't actually use them; they're just computed eagerly. Could probably be fixed by moving those two lines below the CLIP_FINITE check.
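An added illustration of the reordering the comment describes, not SwiftShader's own code: the point is clip-tested first, and integer coordinates are derived only for points that survive, through a range-checked conversion (an out-of-range float-to-int conversion is undefined behaviour in C, which is what UBSan flags). The viewport size, the clipped() stand-in for CLIP_FINITE and the PointSetup type are constructed for this example.

```c
#include <limits.h>
#include <stdbool.h>

/* Constructed viewport, not the renderer's real state. */
#define VIEWPORT_W 1920.0f
#define VIEWPORT_H 1080.0f

/* Hypothetical result: whether the point was kept and its integer coords. */
typedef struct {
    bool kept;
    int x, y;
} PointSetup;

/* Range-checked float->int conversion. Converting a float that does not
 * fit in int is undefined behaviour, so refuse instead of converting.
 * (float)INT_MAX rounds up to 2^31, hence the strict '<'. NaN fails both
 * comparisons and is rejected as well. */
static bool to_int_checked(float v, int *out) {
    if (!(v >= (float)INT_MIN && v < (float)INT_MAX)) return false;
    *out = (int)v;
    return true;
}

/* Stand-in for the CLIP_FINITE check named in the report: a point outside
 * the viewport, infinite, or NaN is discarded before any integer math. */
static bool clipped(float x, float y) {
    if (x != x || y != y) return true;                     /* NaN */
    return x < 0.0f || y < 0.0f || x >= VIEWPORT_W || y >= VIEWPORT_H;
}

/* Fixed ordering: clip first, convert only for points that survive. */
PointSetup setup_point(float x, float y) {
    PointSetup r = { false, 0, 0 };
    if (clipped(x, y)) return r;   /* far-away points never reach the conversion */
    if (!to_int_checked(x, &r.x) || !to_int_checked(y, &r.y)) return r;
    r.kept = true;
    return r;
}
```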
Jan 19 2018
Automatically applying components based on crash stacktrace and information from OWNERS files. If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Comment 1 by pnangunoori@chromium.org, Nov 17 2017
Labels: Test-Predator-Wrong M-63
Owner: capn@chromium.org
Status: Assigned (was: Untriaged)