Issue 807904


Issue metadata

Status: WontFix
Owner:
Closed: Feb 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug-Security




Use-of-uninitialized-value in unpack_RGBANUMBER_REV

Reported by ClusterFuzz (Project Member), Feb 1 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6356105727574016

Fuzzer: inferno_twister_c
Job Type: linux_msan_chrome
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  unpack_RGBANUMBER_REV
  _swrast_BlitFramebuffer
  _mesa_BlitFramebufferEXT

Sanitizer: memory (MSAN)

Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=linux_msan_chrome&range=513290:513524

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6356105727574016

Additional requirements: Requires HTTP

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.

Comment 1 by ClusterFuzz (Project Member), Feb 1 2018

Labels: Test-Predator-Auto-Owner
Owner: piman@chromium.org
Status: Assigned (was: Untriaged)
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/3d0a6b53e6786dce889c6bf5b06ee100e8250bbe (Coalesce and extend bindings for MSAA rendering extensions).

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Comment 2 by sheriffbot@chromium.org (Project Member), Feb 1 2018

Labels: M-64
Comment 3 by sheriffbot@chromium.org (Project Member), Feb 1 2018

Labels: Pri-1
Components: Internals>GPU>Internals

Comment 5 by piman@chromium.org, Feb 1 2018

Status: WontFix (was: Assigned)
That's a bug in osmesa, which we don't ship in production (only for tests). It's old and has lots of bugs, and we've been punting on those, with the expectation that we will eventually use SwiftShader instead.
Comment 6 by ClusterFuzz (Project Member), Feb 8 2018

Labels: Needs-Feedback
ClusterFuzz testcase 5946815678251008 is still reproducing on tip-of-tree build (trunk).

If this testcase was not reproducible locally or unworkable, ignore this notification and we will file another bug soon with hopefully a better and workable testcase.

Otherwise, if this is not intended to be fixed (e.g. this is an intentional crash), please add ClusterFuzz-Ignore label to prevent future bug filing with similar crash stacktrace.

Comment 7 by piman@chromium.org, Feb 8 2018

Labels: ClusterFuzz-Ignore
Comment 8 by sheriffbot@chromium.org (Project Member), May 11 2018

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
