Pointer-overflow in Convert<blink::WebGLImageConversion::kDataFormatBGRA8,
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5171963606335488

Fuzzer: inferno_twister
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Pointer-overflow
Crash Address:
Crash State:
  Convert<blink::WebGLImageConversion::kDataFormatBGRA8,
  Convert<blink::WebGLImageConversion::kDataFormatBGRA8,
  void blink::FormatConverter::Convert<

Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=551565:551567

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5171963606335488

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Apr 25 2018
> Predator was unable to identify any culprit changelists for this test case.
> Unable to find actual suspect through code search and also observing no possible suspect CL under regression range, hence adding appropriate label and requesting someone from blink team to look into this issue. Thanks!
Apr 27 2018
junov@, any idea what might be going wrong here? Looks canvas related.
Apr 27 2018
This is probably a bug in WebGL code.
Apr 30 2018
Looks like a problem with format conversion in texImage2D. Re-assigning to zmo@ for further triage.
May 1 2018
I don't think there is a bug in the code. Instead, I think it's a bug in ubsan reporting.

The situation is
  pointer + offset = new_pointer
So ubsan reports pointer overflow if new_pointer < pointer

However, in our case, offset is negative.

We should make ubsan reporting handle this case correctly.

inferno@: can you triage?
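The check described in the comment above, modelled on plain integers as an added example (not Chromium or UBSan code; the function names and sample addresses are constructed for illustration). It compares the rule as worded in the comment with a rule that takes the sign of the offset into account.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Rule as worded in the comment: report whenever new_pointer < pointer. */
static bool naive_reports(uintptr_t pointer, intptr_t offset) {
    uintptr_t new_pointer = pointer + (uintptr_t)offset; /* unsigned wrap, no UB */
    return new_pointer < pointer;
}

/* Sign-aware rule: a negative offset is supposed to lower the address, so
   only a result that fails to move in the offset's direction is a wrap. */
static bool sign_aware_reports(uintptr_t pointer, intptr_t offset) {
    uintptr_t new_pointer = pointer + (uintptr_t)offset;
    if (offset >= 0)
        return new_pointer < pointer;  /* wrapped past the top of the address space */
    return new_pointer > pointer;      /* wrapped below address zero */
}

struct sample { const char *what; uintptr_t pointer; intptr_t offset; };

/* Constructed values, not taken from the ClusterFuzz testcase. */
static const struct sample SAMPLES[] = {
    { "step forward one row",      0x1000,           64 },
    { "step back one row",         0x1000,          -64 },
    { "step back below zero",      0x20,            -64 },
    { "step forward past the top", UINTPTR_MAX - 16, 64 },
};
enum { N_SAMPLES = sizeof SAMPLES / sizeof SAMPLES[0] };

/* Number of samples on which the two rules disagree. */
static int count_disagreements(void) {
    int n = 0;
    for (int i = 0; i < N_SAMPLES; i++)
        n += naive_reports(SAMPLES[i].pointer, SAMPLES[i].offset)
             != sign_aware_reports(SAMPLES[i].pointer, SAMPLES[i].offset);
    return n;
}

int main(void) {
    for (int i = 0; i < N_SAMPLES; i++)
        printf("%-26s naive=%d sign-aware=%d\n", SAMPLES[i].what,
               naive_reports(SAMPLES[i].pointer, SAMPLES[i].offset),
               sign_aware_reports(SAMPLES[i].pointer, SAMPLES[i].offset));
    printf("disagreements: %d\n", count_disagreements());
    return 0;
}
```

In this model the two rules disagree on both negative-offset samples: the rule as worded reports the in-range step back and stays silent on the step that wraps below zero.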
May 4 2018
Jun 26 2018
Dec 4
Comment 1 by ClusterFuzz, Apr 25 2018
Labels: Test-Predator-Auto-Components