Integer-overflow in ConstantUnion::operator* |
|||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=5532551686127616 Fuzzer: libFuzzer_swiftshader_vertex_routine_fuzzer Job Type: libfuzzer_chrome_ubsan Platform Id: linux Crash Type: Integer-overflow Crash Address: Crash State: ConstantUnion::operator* TIntermConstantUnion::fold TIntermediate::addBinaryMath Sanitizer: undefined (UBSAN) Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=521492:521536 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5532551686127616 Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
,
Jan 16 2018
Assigning to SwiftShader team for more updates. @capn - Could you please look into this issue? Thanks!
,
Jan 16 2018
,
Jan 16 2018
The integer overflow is also undefined behavior in the GLSL language that this is compiling, so it's benign.
,
Dec 1
ClusterFuzz testcase 5532551686127616 appears to be flaky, updating reproducibility label.
,
Dec 1
Please ignore the last comment about testcase being unreproducible. The testcase is still reproducible. This happened due to a code refactoring on ClusterFuzz side, and the underlying root cause is now fixed. Resetting the label back to Reproducible. Sorry about the inconvenience caused from these incorrect notifications.
,
Dec 1
Please ignore the last comment about testcase being unreproducible. The testcase is still reproducible. This happened due to a code refactoring on ClusterFuzz side, and the underlying root cause is now fixed. Resetting the label back to Reproducible. Sorry about the inconvenience caused from these incorrect notifications. |
|||||
►
Sign in to add a comment |
|||||
Comment 1 by ClusterFuzz
, Jan 15 2018Labels: Test-Predator-Auto-Components