New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 807612 link

Starred by 1 user
Status: Duplicate
Merged: issue 859623
Owner:
zmo@chromium.org
Closed: Jul 26
Cc:
kbr@chromium.org
kainino@chromium.org
brajkumar@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , ChromeOS , Chrome , Mac
Pri: 2
Type: Bug



Sign in to add a comment

Null-dereference READ in bool blink::WebGLRenderingContextBase::ValidateTexImageSubRectangle<blink::Image

Project Member Reported by ClusterFuzz, Jan 31 2018 
Detailed report: https://clusterfuzz.com/testcase?key=6522661136760832

Fuzzer: inferno_twister_c
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  bool blink::WebGLRenderingContextBase::ValidateTexImageSubRectangle<blink::Image
  blink::WebGLRenderingContextBase::TexImageImpl
  blink::WebGLRenderingContextBase::TexImageHelperHTMLCanvasElement
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=508656:508668

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6522661136760832

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Project Member

Comment 1 by ClusterFuzz, Jan 31 2018

Components: Blink>WebGL
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Project Member

Comment 2 by ClusterFuzz, Jan 31 2018

Labels: Test-Predator-Auto-Owner
Owner: mlamouri@chromium.org
Status: Assigned (was: Untriaged)
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/c2619827dfb9573977792844b408c6ffd7e5c565 (Move HTMLAudio*, HTMLMedia* and HTMLVideo* to core/html/media/.).

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.

Comment 3 by mlamouri@chromium.org, Jan 31 2018

Owner: ----
Status: Available (was: Assigned)
Unassigning, I was only moving files and changing #include.

Comment 4 by kainino@chromium.org, Feb 1 2018

Labels: Test-Predator-Wrong-CLs
Status: Untriaged (was: Available)
->Untriaged, so this will get looked at.

Comment 5 by brajkumar@chromium.org, Feb 1 2018

Cc: kbr@chromium.org
Labels: M-64 CF-NeedsTriage

Comment 6 by piman@chromium.org, Feb 5 2018

Cc: kainino@chromium.org
Owner: kbr@chromium.org
Status: Assigned (was: Untriaged)
CF not loading at this time, can't tell the stack, but looks WebGL related -> kbr for triage.

Comment 7 by kbr@chromium.org, Feb 5 2018

Owner: zmo@chromium.org
Need help triaging this. Mo or Kai, can you please help?

Comment 8 by kainino@chromium.org, Feb 5 2018 

This was formerly marked as Reproducible, but according to clusterfuzz that's no longer true. I tried briefly but haven't been able to reproduce this locally. So I'm not sure how to move forward.

Comment 9 by kainino@chromium.org, Feb 5 2018

Labels: -Pri-1 -Reproducible Pri-2
I did the complete `clusterfuzz reproduce 6522661136760832` with no luck. I'm at least downgrading for now.

Comment 10 by kainino@chromium.org, Feb 7 2018 

 Issue 809300  has been merged into this issue.
Project Member

Comment 11 by ClusterFuzz, Feb 10 2018

Labels: OS-Mac
Project Member

Comment 12 by ClusterFuzz, Feb 26 2018

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 5667434598760448 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Comment 13 by kainino@chromium.org, Mar 1 2018 

 Issue 817319  has been merged into this issue.

Comment 14 by kainino@chromium.org, Mar 1 2018

Labels: -ClusterFuzz-Verified ClusterFuzz-Wrong
Status: Untriaged (was: Verified)
According to  issue 817319  this is still happening.

Comment 15 by kainino@chromium.org, Mar 1 2018

Status: Assigned (was: Untriaged)
Project Member

Comment 16 by ClusterFuzz, Mar 4 2018

Labels: OS-Chromeos
Project Member

Comment 17 by ClusterFuzz, Mar 9 2018

Labels: OS-Chrome

Comment 18 by brajkumar@chromium.org, Mar 12 2018

Cc: brajkumar@chromium.org
 Issue 820828  has been merged into this issue.

Comment 19 by kainino@chromium.org, Jul 26 

I'm pretty confident this is the same as the newer, slightly more informative,  issue 859623 , which I'm currently looking at.

Comment 20 by kainino@chromium.org, Jul 26

Mergedinto: 859623
Status: Duplicate (was: Assigned)

Sign in to add a comment