New issue
Advanced search Search tips

Issue 801987 link

Starred by 1 user
Status: Assigned
Owner:
capn@chromium.org
Cc:
sugoi@chromium.org
capn@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug



Sign in to add a comment

Integer-overflow in ConstantUnion::operator*

Project Member Reported by ClusterFuzz, Jan 15 2018 
Detailed report: https://clusterfuzz.com/testcase?key=5532551686127616

Fuzzer: libFuzzer_swiftshader_vertex_routine_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  ConstantUnion::operator*
  TIntermConstantUnion::fold
  TIntermediate::addBinaryMath
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=521492:521536

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5532551686127616

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Project Member

Comment 1 by ClusterFuzz, Jan 15 2018

Components: Internals>GPU>SwiftShader
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Comment 2 by brajkumar@chromium.org, Jan 16 2018

Cc: sugoi@chromium.org
Labels: -Pri-2 M-65 Test-Predator-Wrong Pri-1
Owner: capn@chromium.org
Status: Assigned (was: Untriaged)
Assigning to SwiftShader team for more updates.

@capn - Could you please look into this issue?

Thanks!

Comment 3 by capn@chromium.org, Jan 16 2018

Cc: capn@chromium.org
 Issue 796839  has been merged into this issue.

Comment 4 by capn@chromium.org, Jan 16 2018

Labels: -Pri-1 Pri-2
The integer overflow is also undefined behavior in the GLSL language that this is compiling, so it's benign.
Project Member

Comment 5 by ClusterFuzz, Dec 1

Labels: -Reproducible Unreproducible
ClusterFuzz testcase 5532551686127616 appears to be flaky, updating reproducibility label.

Comment 6 by infe...@chromium.org, Dec 1

Labels: -Unreproducible Reproducible
Please ignore the last comment about testcase being unreproducible. The testcase is still reproducible. This happened due to a code refactoring on ClusterFuzz side, and the underlying root cause is now fixed. Resetting the label back to Reproducible. Sorry about the inconvenience caused from these incorrect notifications.

Comment 7 by infe...@chromium.org, Dec 1 

Please ignore the last comment about testcase being unreproducible. The testcase is still reproducible. This happened due to a code refactoring on ClusterFuzz side, and the underlying root cause is now fixed. Resetting the label back to Reproducible. Sorry about the inconvenience caused from these incorrect notifications.

Sign in to add a comment