
Issue 822590


Issue metadata

Status: WontFix
Merged: issue 726075
Owner:
Closed: Mar 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 1
Type: Bug-Security




Crash in swrast_dri.so

Reported by ClusterFuzz (Project Member), Mar 16 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5591728434970624

Fuzzer: inferno_twister
Job Type: linux_asan_chrome_chromeos
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x7fffad854f40
Crash State:
  swrast_dri.so
  
Sanitizer: address (ASAN)

Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_chromeos&range=514498:517889

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5591728434970624

Additional requirements: Requires HTTP

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.

Comment 1 by sheriffbot@chromium.org (Project Member), Mar 16 2018

Labels: M-66

Comment 2 by sheriffbot@chromium.org (Project Member), Mar 17 2018

Labels: Pri-1
Components: Blink>WebGL Internals>GPU
Labels: -Security_Impact-Stable -Security_Severity-Medium Security_Impact-None Security_Severity-Low
Owner: kbr@chromium.org
There's this line in the logs, mentioning the test case html file:

[8810:8810:0306/082610.260076:INFO:CONSOLE(0)] "WebGL: CONTEXT_LOST_WEBGL: loseContext: context lost", source: http://127.0.0.1:8000/fuzzer-testcases/glsl/bugs/fuzz-http-92.html (0)

There are multiple WebGL rolls. Assigning to kbr@ to triage and route.

Setting severity low (an invalid read will generally only cause crashes and thus DoS) and impact none (I don't think we're using swrast_dri in production on any devices).

Comment 4 by kbr@chromium.org, Mar 20 2018

Cc: capn@chromium.org mbarbe...@chromium.org sugoi@chromium.org
Mergedinto: 726075
Status: Duplicate (was: Untriaged)
It's infeasible for us to fix bugs in the old version of Mesa which Chromium is currently using for testing. We are close to switching over to SwiftShader for all of these tests and will then delete this copy of Mesa and start triaging any bugs in SwiftShader that are found.

It may be worth changing the fuzzers now to pass --use-gl=swiftshader on Linux. That should work now, and will have more value.

Status: WontFix (was: Duplicate)

Comment 6 by sheriffbot@chromium.org (Project Member), Aug 28

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
