Null-dereference WRITE in sw::FrameBufferX11::~FrameBufferX11
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5126381764345856

Fuzzer: ifratric-browserfuzzer-v3
Job Type: linux_lsan_chrome_mp
Platform Id: linux

Crash Type: Null-dereference WRITE
Crash Address: 0x000000000010
Crash State:
  sw::FrameBufferX11::~FrameBufferX11
  egl::WindowSurface::swap
  gpu::PassThroughImageTransportSurface::SwapBuffers

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_lsan_chrome_mp&range=501602:501627

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5126381764345856

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Apr 16 2018
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/9d5306cf3a84dc6566647d8296f1c6caa2209065 (v8binding: Separate TraceWrapperBase.h from ScriptWrappable.h.). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Apr 17 2018
Auto-triage at #c2 seems wrong to me. GPU folks, could you triage this issue?
Apr 19 2018
Apr 20 2018
Looks like a swiftshader issue. jmadill@ can you help route this?
Apr 20 2018
Yeah, use capn or sugoi for SwiftShader issues.
Jul 6
The following revision refers to this bug: https://swiftshader.googlesource.com/SwiftShader.git/+/fbba4900f68b12171277175980df2e52517cb6b6

commit fbba4900f68b12171277175980df2e52517cb6b6
Author: Nicolas Capens <capn@google.com>
Date: Fri Jul 06 20:55:30 2018

Harden against X11 instability.

Avoid accessing null pointers when an X11 call fails. Since EGL doesn't own the X11 window, we expect it to be valid for the duration of the EGL surface. Fail hard if that's not the case.

Bug chromium:833229
Bug chromium:824522
Change-Id: Iba5e3832fe312fb50232a13e2163a022f5048a76
Reviewed-on: https://swiftshader-review.googlesource.com/19788
Reviewed-by: Corentin Wallez <cwallez@google.com>
Reviewed-by: Nicolas Capens <nicolascapens@google.com>
Tested-by: Nicolas Capens <nicolascapens@google.com>

[modify] https://crrev.com/fbba4900f68b12171277175980df2e52517cb6b6/src/Main/FrameBufferX11.cpp
[modify] https://crrev.com/fbba4900f68b12171277175980df2e52517cb6b6/src/Main/FrameBufferX11.hpp
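The pattern behind this report and its fix, shown as an added example that is not SwiftShader's code and does not reproduce the actual FrameBufferX11.cpp change. The `ImageRecord` struct mirrors only the leading fields of Xlib's `XImage` (width, height, xoffset, format, data) so that the `data` field sits at offset 16; `fakeCreateImage`, `releaseUnchecked`, `releaseHardened`, `failHard` and `createImageOrFail` are hypothetical stand-ins for an X11 call that can return null and for a frame-buffer teardown that does or does not check its result. The point is the shape of the crash (a write through a null struct pointer lands at the field's offset, here 0x10, matching the report's crash address) and the two halves of the commit message: avoid dereferencing the result of a failed X11 call, and treat a window that is no longer valid as a fatal contract violation rather than something to limp past.

```cpp
// Added example: null-dereference WRITE via an unchecked X11-style result,
// beside the "check the result, fail hard on a dead window" hardening.
#include <cstddef>
#include <cstdio>
#include <cstdlib>

// Mirrors the first five fields of Xlib's XImage (constructed for the
// example; the real struct has more fields after these).
struct ImageRecord {
    int width;
    int height;
    int xoffset;
    int format;
    char *data;   // offset 16 on both 32- and 64-bit builds
};

// Stand-in for an X11 call that returns null when the window is gone.
// Constructed for the example; this is not the Xlib API.
ImageRecord *fakeCreateImage(bool windowAlive, int w, int h) {
    if (!windowAlive) return nullptr;
    ImageRecord *img = new ImageRecord{w, h, 0, 0, nullptr};
    img->data = new char[static_cast<size_t>(w) * static_cast<size_t>(h) * 4];
    return img;
}

// Where a store through a null ImageRecord* to `data` would land.
// A "Null-dereference WRITE, Crash Address 0x10" has exactly this shape.
size_t nullWriteAddress() { return offsetof(ImageRecord, data); }

// BEFORE: teardown trusts the pointer. If the call that produced `img`
// failed, `img->data = nullptr` is a write to address 0x10.
// Deliberately unchecked; never call this with a null pointer.
void releaseUnchecked(ImageRecord *img) {
    delete[] img->data;
    img->data = nullptr;   // the null-dereference WRITE
    delete img;
}

// AFTER: check before touching. Returns false instead of dereferencing,
// so the caller decides how loudly to fail.
bool releaseHardened(ImageRecord *img) {
    if (img == nullptr) {
        std::fprintf(stderr, "image is null: an earlier X11 call failed\n");
        return false;
    }
    delete[] img->data;
    img->data = nullptr;
    delete img;
    return true;
}

// "Fail hard": the surface does not own the window, so a window that has
// vanished during the surface's lifetime is a broken contract, not a
// condition to recover from silently.
[[noreturn]] void failHard(const char *what) {
    std::fprintf(stderr, "FATAL: %s\n", what);
    std::abort();
}

// Creation path with the fail-hard policy applied at the X11 boundary.
ImageRecord *createImageOrFail(bool windowAlive, int w, int h) {
    ImageRecord *img = fakeCreateImage(windowAlive, w, h);
    if (img == nullptr) failHard("image creation failed: window no longer valid");
    return img;
}

int main() {
    std::printf("a null image write lands at 0x%zx\n", nullWriteAddress());
    ImageRecord *img = createImageOrFail(true, 64, 64);
    std::printf("hardened release of a valid image: %s\n",
                releaseHardened(img) ? "ok" : "refused");
    std::printf("hardened release of a null image: %s\n",
                releaseHardened(nullptr) ? "ok" : "refused");
    return 0;
}
```

Under ASan the unchecked path reports the same class of crash as the report above (a WRITE at a small address equal to the field offset), which is the quickest way to tell a null-pointer field store apart from a wild pointer; the hardened path never reaches the store, and the fail-hard path turns the lifetime violation into a deliberate abort with a message instead of a sanitizer stack.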
Jul 7
Jul 9
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/9b9a275b081bf97a3b4cf06bfd2f73fbe7d69020

commit 9b9a275b081bf97a3b4cf06bfd2f73fbe7d69020
Author: Nicolas Capens <capn@chromium.org>
Date: Mon Jul 09 13:44:03 2018

Roll SwiftShader 551478a..6a990f8

https://swiftshader.googlesource.com/SwiftShader.git/+log/551478a..6a990f8

BUG= chromium:833229 , chromium:824522 , chromium:860533
TBR=kbr@chromium.org
TEST=bots
CQ_INCLUDE_TRYBOTS=luci.chromium.try:win_optional_gpu_tests_rel;luci.chromium.try:mac_optional_gpu_tests_rel;luci.chromium.try:linux_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_chromium_cfi_rel_ng;luci.chromium.try:android_optional_gpu_tests_rel

Change-Id: I6ed8a81614a509c703f47be4f8fdb74168381010
Reviewed-on: https://chromium-review.googlesource.com/1128266
Commit-Queue: Nicolas Capens <capn@chromium.org>
Reviewed-by: Corentin Wallez <cwallez@chromium.org>
Cr-Commit-Position: refs/heads/master@{#573290}

[modify] https://crrev.com/9b9a275b081bf97a3b4cf06bfd2f73fbe7d69020/DEPS
Jul 16
Jul 23
ClusterFuzz testcase 5126381764345856 is still reproducing on tip-of-tree build (trunk). Please re-test your fix against this testcase and if the fix was incorrect or incomplete, please re-open the bug. Otherwise, ignore this notification and add ClusterFuzz-Wrong label.
Jul 23
#11: This is a different crash. It's hitting a CHECK:

CHECK(InitDefaultFont()) << "Could not find the default font";

CC'ing the author of the line for triage.
Comment 1 by ClusterFuzz, Apr 16 2018. Labels: Test-Predator-Auto-Components