Floating-point-exception in glsl::OutputASM::loopCount
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6097692581953536

Fuzzer: libFuzzer_swiftshader_vertex_routine_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Floating-point-exception
Crash Address:
Crash State:
  glsl::OutputASM::loopCount
  glsl::OutputASM::visitLoop
  TIntermLoop::traverse

Sanitizer: memory (MSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=529740:529750

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6097692581953536

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

May 17 2018, Comment 1 by ClusterFuzz
Labels: Test-Predator-Auto-Components
Automatically adding ccs based on OWNERS file / target commit history. If this is incorrect, please add ClusterFuzz-Wrong label.

May 18 2018
capn@, could you triage this please? Likely something in this roll: https://swiftshader.googlesource.com/SwiftShader.git/+log/05bcbe6..ec2a65b, based on the ClusterFuzz suspect range.

May 18 2018
I was unable to reproduce this locally with the tool. It's apparently a division by zero, but there's an "increment != 0" check a bit higher, so I'm puzzled how that could even happen. Either way this would most likely be a corner case which impacts very few people, so I'm lowering the priority.

May 18 2018
I was able to reproduce it by running the fuzzer itself against the testcase. It turns out that dividing 0x80000000 by -1 also results in a division exception (because the result can't be represented).

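The trap described in the comment above (INT_MIN, i.e. 0x80000000, divided by -1 raising the same hardware exception as a division by zero) and a trip-count computation that avoids it, as an added example written for this page. It is not SwiftShader's loopCount; the names divisionTraps, loopTripCount and tripCountOrMinusOne, and the counting-loop shape they assume, are hypothetical.

```cpp
#include <cassert>
#include <climits>
#include <cstdint>
#include <cstdio>

// True when the 32-bit division a / b would raise a hardware divide exception
// on x86 (idiv #DE, delivered as SIGFPE on Linux, which ClusterFuzz labels
// "Floating-point-exception"). A `b != 0` guard alone is not enough: INT_MIN / -1
// is also undefined in C++ because the true result, 2^31, does not fit in an int.
bool divisionTraps(int a, int b)
{
    return b == 0 || (a == INT_MIN && b == -1);
}

// Hypothetical trip-count helper (not SwiftShader's code) for a counting loop
//     for (int i = init; i < limit; i += step)   when step > 0
//     for (int i = init; i > limit; i += step)   when step < 0
// whose index the body does not modify. Returns false when the loop is not a
// candidate for unrolling: step == 0, or more than INT_MAX iterations, which
// rejects the 0x80000000-iteration loop from the report instead of trapping.
bool loopTripCount(int init, int limit, int step, int *count)
{
    if (step == 0) return false;

    // Widen to 64 bits before subtracting: limit - init can overflow int
    // (INT_MAX - INT_MIN), and a 64-bit dividend here is at most 2^32 in
    // magnitude, so the INT_MIN / -1 overflow cannot recur at this width.
    int64_t distance = static_cast<int64_t>(limit) - static_cast<int64_t>(init);
    int64_t s = step;

    if (distance == 0 || (distance > 0) != (s > 0)) {
        *count = 0;   // loop condition is false on entry
        return true;
    }

    int64_t d = distance < 0 ? -distance : distance;
    int64_t m = s < 0 ? -s : s;
    int64_t n = (d + m - 1) / m;   // ceiling division; m >= 1, so no trap
    if (n > INT_MAX) return false;

    *count = static_cast<int>(n);
    return true;
}

// Sentinel-style view of loopTripCount: -1 means "do not unroll".
long long tripCountOrMinusOne(int init, int limit, int step)
{
    int n = 0;
    return loopTripCount(init, limit, step, &n) ? n : -1;
}

int main()
{
    assert(divisionTraps(5, 0));              // classic division by zero
    assert(divisionTraps(INT_MIN, -1));       // overflow, same #DE on x86
    assert(!divisionTraps(INT_MIN, 1));

    assert(tripCountOrMinusOne(0, 10, 3) == 4);          // i = 0, 3, 6, 9
    assert(tripCountOrMinusOne(10, 0, -1) == 10);
    assert(tripCountOrMinusOne(0, 10, 0) == -1);         // step 0: not unrollable
    assert(tripCountOrMinusOne(0, INT_MIN, -1) == -1);   // 2^31 iterations: too many
    std::puts("ok");
    return 0;
}
```

The point of the widening is structural rather than a second special case: once the distance is held in 64 bits, neither operand of the division can be INT64_MIN or zero, so the trap condition divisionTraps() describes is impossible by construction, and the only remaining decision is whether the count fits the type the unroller uses.
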
May 22 2018
This will just crash the GPU process if a shader contains a loop with 0x80000000 iterations. That's somewhat acceptable since actually executing the loop will cause a timeout, which kills the GPU process. We'll also replace this with the glslang compiler in the future. So this is low priority.

May 29 2018
The following revision refers to this bug:
https://swiftshader.googlesource.com/SwiftShader.git/+/ac3f2faccda5a53f3003ff66b600ed4e4cec1800

commit ac3f2faccda5a53f3003ff66b600ed4e4cec1800
Author: Nicolas Capens <capn@google.com>
Date: Tue May 29 13:59:43 2018

Detect loop index modifications in loop body.

Loops can only be unrolled if their loop index variable is not being modified in the loop body. Also check that the increment step of the loop operates on the initial index variable.

Also remove some UNIMPLEMENTED's that were benign.

Bug chromium:845103
Bug chromium:843867
Bug skia:7846
Change-Id: Ib2b39f2d58763f0299ce7f6f75a8a75e6bdc7963
Reviewed-on: https://swiftshader-review.googlesource.com/18988
Reviewed-by: Alexis Hétu <sugoi@google.com>
Tested-by: Nicolas Capens <nicolascapens@google.com>

[modify] https://crrev.com/ac3f2faccda5a53f3003ff66b600ed4e4cec1800/src/OpenGL/compiler/OutputASM.cpp
[modify] https://crrev.com/ac3f2faccda5a53f3003ff66b600ed4e4cec1800/src/OpenGL/compiler/OutputASM.h

May 29 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/885440e7b1f0f374c106f0c91bc1ad62a4032356

commit 885440e7b1f0f374c106f0c91bc1ad62a4032356
Author: Nicolas Capens <capn@chromium.org>
Date: Tue May 29 16:05:42 2018

Roll SwiftShader cbb80f5..4b74373

https://swiftshader.googlesource.com/SwiftShader.git/+log/cbb80f5..4b74373

BUG= chromium:845103 , chromium:843867 , skia:7846
TBR=kbr@chromium.org
TEST=bots
CQ_INCLUDE_TRYBOTS=luci.chromium.try:win_optional_gpu_tests_rel;luci.chromium.try:mac_optional_gpu_tests_rel;luci.chromium.try:linux_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_chromium_cfi_rel_ng;luci.chromium.try:android_optional_gpu_tests_rel

Change-Id: Ic11ae1fb5e76e40a997a1017913a2901b576898b
Reviewed-on: https://chromium-review.googlesource.com/1076487
Reviewed-by: Alexis Hétu <sugoi@chromium.org>
Commit-Queue: Alexis Hétu <sugoi@chromium.org>
Commit-Queue: Nicolas Capens <capn@chromium.org>
Cr-Commit-Position: refs/heads/master@{#562447}

[modify] https://crrev.com/885440e7b1f0f374c106f0c91bc1ad62a4032356/DEPS

Jun 1 2018
ClusterFuzz has detected this issue as fixed in range 562445:562450.

Detailed report: https://clusterfuzz.com/testcase?key=6097692581953536

Fuzzer: libFuzzer_swiftshader_vertex_routine_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Floating-point-exception
Crash Address:
Crash State:
  glsl::OutputASM::loopCount
  glsl::OutputASM::visitLoop
  TIntermLoop::traverse

Sanitizer: memory (MSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=529740:529750
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=562445:562450

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6097692581953536

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Jun 1 2018
ClusterFuzz testcase 6097692581953536 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.