ASSERT: safeIndex >= 0

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5786830678261760

Fuzzer: libFuzzer_angle_translator_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: ASSERT
Crash Address:
Crash State:
  safeIndex >= 0
  sh::TParseContext::addIndexExpression
  yyparse

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=519370:519411

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5786830678261760

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
,
Nov 28 2017
,
Nov 28 2017
,
Nov 28 2017
Issue 789003 has been merged into this issue.
,
Nov 28 2017
Issue 788977 has been merged into this issue.
,
Nov 28 2017
Issue 789032 has been merged into this issue.
,
Nov 28 2017
Issue 789008 has been merged into this issue.
,
Nov 28 2017
,
Nov 29 2017
Testcase 5228352054231040 is a top crash on ClusterFuzz for windows platform. Please prioritize fixing this crash. Marking this crash as a Beta release blocker. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Nov 29 2017
The following revision refers to this bug:
https://chromium.googlesource.com/angle/angle/+/f13cadd8bd5fa1f4f4ab78b594812117c26a4b95

commit f13cadd8bd5fa1f4f4ab78b594812117c26a4b95
Author: Olli Etuaho <oetuaho@nvidia.com>
Date: Wed Nov 29 10:23:05 2017

Fix checking negative index when indexing matrix/vector

It's important that the test against the maximum of the valid range is only done if the index is positive, so the sanitized index value is guaranteed to end up in the valid range. This fixes a regression from commit "Add GLSL support for runtime-sized arrays in SSBOs".

BUG= chromium:789029
TEST=angle_unittests
Change-Id: Ic7125e383a64e46994b072df6d7e642432c521af
Reviewed-on: https://chromium-review.googlesource.com/792935
Reviewed-by: Corentin Wallez <cwallez@chromium.org>
Reviewed-by: Jamie Madill <jmadill@chromium.org>
Commit-Queue: Olli Etuaho <oetuaho@nvidia.com>

[modify] https://crrev.com/f13cadd8bd5fa1f4f4ab78b594812117c26a4b95/src/compiler/translator/ParseContext.cpp
[modify] https://crrev.com/f13cadd8bd5fa1f4f4ab78b594812117c26a4b95/src/tests/compiler_tests/ShaderValidation_test.cpp
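The ordering problem the commit message above describes, as an added example that is not ANGLE's code and not part of the original issue. All names (`Diagnostics`, `clampToMax`, `sanitizeIndexRegressed`, `sanitizeIndexFixed`) are hypothetical, and the regressed variant is an assumed shape of the bug, chosen to show how an unconditional upper-bound test can undo the negative-index handling.

```cpp
#include <string>
#include <vector>

// All names here are hypothetical; this is not ANGLE's ParseContext.cpp.
struct Diagnostics {
    std::vector<std::string> errors;
};

// Upper-bound test only: clamps indices that are too large and passes
// everything else through unchanged, including negative values.
int clampToMax(Diagnostics &diag, int index, int size) {
    if (index >= size) {
        diag.errors.push_back("index out of range: too large");
        return size - 1;
    }
    return index;
}

// Assumed shape of the regression: the negative case is diagnosed and
// sanitized to 0, then the upper-bound test runs on the raw index anyway
// and overwrites the sanitized value.
int sanitizeIndexRegressed(Diagnostics &diag, int index, int size) {
    int safeIndex = -1;
    if (index < 0) {
        diag.errors.push_back("index out of range: negative");
        safeIndex = 0;
    }
    safeIndex = clampToMax(diag, index, size);
    return safeIndex;  // negative input leaks through: safeIndex >= 0 fails
}

// Ordering the commit message asks for: the upper-bound test runs only
// when the index is not negative, so the result is always in [0, size).
int sanitizeIndexFixed(Diagnostics &diag, int index, int size) {
    int safeIndex = -1;
    if (index < 0) {
        diag.errors.push_back("index out of range: negative");
        safeIndex = 0;
    } else {
        safeIndex = clampToMax(diag, index, size);
    }
    return safeIndex;
}
```

In both variants the shader author gets the same compile error for a negative constant index; the difference is only whether the value kept for later compilation stages is inside the valid range.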
,
Nov 29 2017
The following revision refers to this bug:
https://skia.googlesource.com/skia/+/3cc8092947882a59f7ded61c3ca44a569ae95b38

commit 3cc8092947882a59f7ded61c3ca44a569ae95b38
Author: angle-deps-roller@chromium.org <angle-deps-roller@chromium.org>
Date: Wed Nov 29 11:47:59 2017

Roll skia/third_party/externals/angle2/ 57ea533f7..f13cadd8b (1 commit)

https://chromium.googlesource.com/angle/angle.git/+log/57ea533f79a7..f13cadd8bd5f

$ git log 57ea533f7..f13cadd8b --date=short --no-merges --format='%ad %ae %s'
2017-11-28 oetuaho Fix checking negative index when indexing matrix/vector

Created with:
roll-dep skia/third_party/externals/angle2
BUG= 789029

The AutoRoll server is located here: https://angle-skia-roll.skia.org

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, please contact the current sheriff, who should be CC'd on the roll, and stop the roller if necessary.

CQ_INCLUDE_TRYBOTS=skia.primary:Perf-Win10-Clang-AlphaR2-GPU-RadeonR9M470X-x86_64-Debug-All-ANGLE,Perf-Win10-MSVC-Golo-GPU-QuadroP400-x86_64-Debug-All-ANGLE,Perf-Win10-Clang-NUC5i7RYH-GPU-IntelIris6100-x86_64-Debug-All-ANGLE,Perf-Win10-Clang-NUC6i5SYK-GPU-IntelIris540-x86_64-Debug-All-ANGLE,Perf-Win10-Clang-NUCD34010WYKH-GPU-IntelHD4400-x86_64-Debug-All-ANGLE,Perf-Win10-Clang-ShuttleC-GPU-GTX960-x86_64-Debug-All-ANGLE,Test-Win10-Clang-AlphaR2-GPU-RadeonR9M470X-x86_64-Debug-All-ANGLE,Test-Win10-MSVC-Golo-GPU-QuadroP400-x86_64-Debug-All-ANGLE,Test-Win10-Clang-NUC5i7RYH-GPU-IntelIris6100-x86_64-Debug-All-ANGLE,Test-Win10-Clang-NUC6i5SYK-GPU-IntelIris540-x86_64-Debug-All-ANGLE,Test-Win10-Clang-NUCD34010WYKH-GPU-IntelHD4400-x86_64-Debug-All-ANGLE,Test-Win10-Clang-ShuttleC-GPU-GTX960-x86_64-Debug-All-ANGLE,Build-Debian9-GCC-x86_64-Release-ANGLE
TBR=allanmac@google.com
Change-Id: I6d6b6eac2ae363aa76dbcbb2e7bf56ab27afc1b4
Reviewed-on: https://skia-review.googlesource.com/77380
Reviewed-by: angle-deps-roller . <angle-deps-roller@chromium.org>
Commit-Queue: angle-deps-roller . <angle-deps-roller@chromium.org>

[modify] https://crrev.com/3cc8092947882a59f7ded61c3ca44a569ae95b38/DEPS
,
Nov 29 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/28d059505cb7dc00553161e1ecb6b866000e74e5

commit 28d059505cb7dc00553161e1ecb6b866000e74e5
Author: angle-deps-roller@chromium.org <angle-deps-roller@chromium.org>
Date: Wed Nov 29 11:50:10 2017

Roll src/third_party/angle/ 57ea533f7..f13cadd8b (1 commit)

https://chromium.googlesource.com/angle/angle.git/+log/57ea533f79a7..f13cadd8bd5f

$ git log 57ea533f7..f13cadd8b --date=short --no-merges --format='%ad %ae %s'
2017-11-28 oetuaho Fix checking negative index when indexing matrix/vector

Created with:
roll-dep src/third_party/angle
BUG= 789029

The AutoRoll server is located here: https://angle-chromium-roll.skia.org

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, please contact the current sheriff, who should be CC'd on the roll, and stop the roller if necessary.

CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.android:android_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel
TBR=jmadill@chromium.org
Change-Id: Id9e8fc9136fd56adf4c8e7abc87749dac4bd4401
Reviewed-on: https://chromium-review.googlesource.com/796010
Reviewed-by: angle-deps-roller . <angle-deps-roller@chromium.org>
Commit-Queue: angle-deps-roller . <angle-deps-roller@chromium.org>
Cr-Commit-Position: refs/heads/master@{#520077}

[modify] https://crrev.com/28d059505cb7dc00553161e1ecb6b866000e74e5/DEPS
,
Nov 29 2017
Issue (and all the other automatically reported bugs pointing to the same root cause that have been duplicated to this one) should be fixed now. Sorry about this breakage, good thing that fuzzing caught it fast.
,
Nov 29 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/e417f485a757e19d73c11383f42960901c6d19ca

commit e417f485a757e19d73c11383f42960901c6d19ca
Author: skia-deps-roller@chromium.org <skia-deps-roller@chromium.org>
Date: Wed Nov 29 15:16:35 2017

Roll src/third_party/skia/ 1ba5bfe59..3cc809294 (1 commit)

https://skia.googlesource.com/skia.git/+log/1ba5bfe59056..3cc809294788

$ git log 1ba5bfe59..3cc809294 --date=short --no-merges --format='%ad %ae %s'
2017-11-29 angle-deps-roller Roll skia/third_party/externals/angle2/ 57ea533f7..f13cadd8b (1 commit)

Created with:
roll-dep src/third_party/skia
BUG= 789029

The AutoRoll server is located here: https://autoroll.skia.org

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, please contact the current sheriff, who should be CC'd on the roll, and stop the roller if necessary.

CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel
TBR=allanmac@chromium.org
Change-Id: Iedf55657af2a5f6a50ab047e36cb823abf7783c9
Reviewed-on: https://chromium-review.googlesource.com/795791
Reviewed-by: Skia Deps Roller <skia-deps-roller@chromium.org>
Commit-Queue: Skia Deps Roller <skia-deps-roller@chromium.org>
Cr-Commit-Position: refs/heads/master@{#520114}

[modify] https://crrev.com/e417f485a757e19d73c11383f42960901c6d19ca/DEPS
,
Nov 30 2017
ClusterFuzz has detected this issue as fixed in range 520064:520079.

Detailed report: https://clusterfuzz.com/testcase?key=5786830678261760

Fuzzer: libFuzzer_angle_translator_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: ASSERT
Crash Address:
Crash State:
  safeIndex >= 0
  sh::TParseContext::addIndexExpression
  yyparse

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=519370:519411
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=520064:520079

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5786830678261760

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Nov 30 2017
ClusterFuzz testcase 5786830678261760 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Nov 28 2017
Owner: oetu...@nvidia.com
Status: Assigned (was: Untriaged)