Null-dereference READ in size |
|||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=6507565207519232 Fuzzer: afl_gpu_swiftshader_fuzzer Job Type: afl_chrome_asan Platform Id: linux Crash Type: Null-dereference READ Crash Address: 0x000000000018 Crash State: size bool es2::Context::getIntegerv<int> es2::GetIntegerv Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=afl_chrome_asan&range=539214:539235 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6507565207519232 Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
,
Apr 1 2018
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/27a33c6510b49dda52c27035e4b580738b653a0f (Remove gpu workaround code that no config specifies). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
,
Apr 2 2018
More that seem similar to https://bugs.chromium.org/p/chromium/issues/detail?id=825545#c8. Reassigning.
,
Apr 4 2018
It looks like ClusterFuzz is assigning these issues incorrectly, or I'm missing a change in the regression range that triggered this. Anyway, for this bug there's simply a missing null pointer check. Alexis, can you take this?
,
Apr 4 2018
I think these are technically correct, in the sense that clusterfuzz finds an issue, and then bisects to find an owner. I'm guessing that because I changed the workaround ordering, then the issue doesn't repro before my change and breaks after my change, so therefore my change is the culprit.
,
May 17 2018
ClusterFuzz has detected this issue as fixed in range 559054:559064. Detailed report: https://clusterfuzz.com/testcase?key=6507565207519232 Fuzzer: afl_gpu_swiftshader_fuzzer Job Type: afl_chrome_asan Platform Id: linux Crash Type: Null-dereference READ Crash Address: 0x000000000018 Crash State: size bool es2::Context::getIntegerv<int> es2::GetIntegerv Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=afl_chrome_asan&range=539214:539235 Fixed: https://clusterfuzz.com/revisions?job=afl_chrome_asan&range=559054:559064 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6507565207519232 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
May 17 2018
ClusterFuzz testcase 6507565207519232 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue. |
|||||
►
Sign in to add a comment |
|||||
Comment 1 by ClusterFuzz
, Apr 1 2018Labels: Test-Predator-Auto-Components