Issue 850612
Issue metadata

Status: Assigned
Owner:
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 3
Type: Bug


Integer-overflow in glsl::OutputASM::LoopInfo::LoopInfo

Project Member Reported by ClusterFuzz, Jun 7 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5406912154435584

Fuzzer: libFuzzer_swiftshader_vertex_routine_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  glsl::OutputASM::LoopInfo::LoopInfo
  glsl::OutputASM::visitLoop
  TIntermLoop::traverse
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=529739:529747

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5406912154435584

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

Comment 1 by ClusterFuzz (Project Member), Jun 7 2018

Components: Internals>GPU>SwiftShader
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Comment 2 by ClusterFuzz (Project Member), Jun 7 2018

Cc: nicolasc...@google.com sugoi@google.com
Labels: ClusterFuzz-Auto-CC
Automatically adding ccs based on OWNERS file / target commit history.

If this is incorrect, please add ClusterFuzz-Wrong label.

Comment 3

Labels: M-67 Test-Predator-Wrong-CLs
Owner: sugoi@chromium.org
Status: Assigned (was: Untriaged)
@sugoi -- Could you please look into this issue?
Assigning this issue to you, as per the update we received from you in Issue 781505. Please reassign if it is not related to your changes.
Thanks.
Ref Issue: https://bugs.chromium.org/p/chromium/issues/detail?id=781505#c3

Thanks!

Comment 4 by sugoi@chromium.org, Jun 8 2018

Cc: sugoi@chromium.org
Owner: capn@chromium.org
Integer overflow is here:
https://cs.chromium.org/chromium/src/third_party/swiftshader/src/OpenGL/compiler/OutputASM.cpp?l=3882

Code around it was modified in capn@'s cl here:
https://swiftshader-review.googlesource.com/c/SwiftShader/+/18988

Delegating to capn@.

Comment 5

Labels: -Pri-2 Pri-3
This is benign since it just computes a loop unrolling recommendation.

Probably won't address this before we replace the compiler with glslang producing SPIR-V.
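An added example of the defensive shape such a computation can take (this is not SwiftShader's LoopInfo code, whose exact arithmetic is not on this page): a trip-count estimate for a counting-up loop that reports "unknown" instead of overflowing, so the unrolling heuristic falls back to not unrolling. The loop form `i = init; i < limit; i += step` and the 16-iteration threshold are assumptions.

```cpp
// Added example, not SwiftShader's code: a guarded trip-count estimate for a
// loop-unrolling heuristic. The loop shape (init; i < limit; i += step) and the
// unroll threshold are assumptions; the real LoopInfo arithmetic is not shown.
#include <cstdint>

// Iteration count of `for (i = init; i < limit; i += step)` for step > 0,
// or -1 when the count cannot be computed without signed-integer overflow.
// The unchecked form `(limit - init) / step` is what UBSan flags when the
// bounds are far apart; __builtin_sub_overflow detects that case instead.
int64_t tripCount(int32_t init, int32_t limit, int32_t step) {
    if (step <= 0) return -1;        // only counting-up loops are handled
    if (limit <= init) return 0;     // loop body never runs
    int32_t span;
    if (__builtin_sub_overflow(limit, init, &span)) {
        return -1;                   // e.g. init = INT32_MIN, limit = INT32_MAX
    }
    // span >= 1 here; ceil(span / step) with no further overflow risk
    return static_cast<int64_t>((span - 1) / step) + 1;
}

// Unrolling recommendation: only when the trip count is known and small.
// An unknown count (-1) is never unrolled, so the overflow case stays benign
// for code generation without silently producing a garbage count.
bool recommendUnroll(int32_t init, int32_t limit, int32_t step,
                     int64_t maxIterations = 16) {
    int64_t n = tripCount(init, limit, step);
    return n > 0 && n <= maxIterations;
}
```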

Comment 6 by ClusterFuzz (Project Member), Dec 1

Labels: -Reproducible Unreproducible
ClusterFuzz testcase 5406912154435584 appears to be flaky, updating reproducibility label.

Comment 7

Labels: -Unreproducible Reproducible
Please ignore the last comment about testcase being unreproducible. The testcase is still reproducible. This happened due to a code refactoring on ClusterFuzz side, and the underlying root cause is now fixed. Resetting the label back to Reproducible. Sorry about the inconvenience caused from these incorrect notifications.
