
Issue 860138


Issue metadata

Status: Verified
Owner:
Closed: Dec 5
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug




Integer-overflow in gpu::gles2::GLES2DecoderImpl::DoBlitFramebufferCHROMIUM

Project Member Reported by ClusterFuzz, Jul 4

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4687832707497984

Fuzzer: libFuzzer_gpu_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  gpu::gles2::GLES2DecoderImpl::DoBlitFramebufferCHROMIUM
  gpu::gles2::GLES2DecoderImpl::HandleBlitFramebufferCHROMIUM
  gpu::error::Error gpu::gles2::GLES2DecoderImpl::DoCommandsImpl<false>
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=512673:512693

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4687832707497984

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
 
Project Member

Comment 1 by ClusterFuzz, Jul 4

Components: Internals>GPU>Internals
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Project Member

Comment 2 by ClusterFuzz, Jul 4

Cc: piman@chromium.org
Labels: ClusterFuzz-Auto-CC
Automatically adding ccs based on OWNERS file / target commit history.

If this is incorrect, please add ClusterFuzz-Wrong label.
Project Member

Comment 3 by ClusterFuzz, Jul 4

Labels: Test-Predator-Auto-Owner
Owner: piman@chromium.org
Status: Assigned (was: Untriaged)
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/72bb29070e415e215e2a0095b9266c3ec1c75599 (gpu fuzzers: take configuration bits from input data).

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Cc: zmo@chromium.org cwallez@chromium.org
Owner: yunchao...@intel.com
This was actually introduced by https://chromiumcodereview.appspot.com/2409523002 , only uncovered by my CL which made the fuzzer explore the workaround patch.

Maybe using safe math there would be useful?
@piman, How can I reproduce the issue? I have no access to this link https://clusterfuzz.com/testcase?key=4687832707497984. In addition, I suppose that WebGL CTS blitframebuffer-size-overflow.html can cover the integer overflow issue, but that test can pass. 
ANGLE seems to use checked numerics for specific overflow checks. See https://cs.chromium.org/chromium/src/third_party/angle/src/libANGLE/validationES.cpp?type=cs&sq=package:chromium&g=0&l=1353

The parameters in the fuzzer test case are srcX0=0, srcY0=-2147483648, srcX1=100, srcY1=-16777116, dstX0=25855, dstY0=4456448, dstX1=6553638, dstY1=1140850688, mask=637534208, filter=9728

With what looks to be a 0 sized framebuffer (???)
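
The safe-math suggestion above, as an added C++ example that is not part of the original thread and is not Chromium's or ANGLE's code: checked 32-bit arithmetic applied to the parameters quoted above. `ClippedDstY0` is a hypothetical clipping step (the thread does not show which operation in the decoder overflowed), and the `Checked` helper is a simplified stand-in for a checked-numerics class.

```cpp
#include <cstdint>
#include <cstdio>

// Corners of a blit rectangle; GLint is a 32-bit signed integer.
struct BlitRect { int32_t x0, y0, x1, y1; };

// Checked 32-bit value: ok == false means some earlier step overflowed.
struct Checked {
  int32_t v; bool ok;
  Checked(int32_t value) : v(value), ok(true) {}
  static Checked Invalid() { Checked c(0); c.ok = false; return c; }
};

// Do the arithmetic in 64 bits, then accept only results that fit in int32.
Checked Narrow(bool ok, int64_t wide) {
  if (!ok || wide < INT32_MIN || wide > INT32_MAX) return Checked::Invalid();
  return Checked(static_cast<int32_t>(wide));
}
Checked Sub(Checked a, Checked b) { return Narrow(a.ok && b.ok, int64_t{a.v} - b.v); }
Checked Add(Checked a, Checked b) { return Narrow(a.ok && b.ok, int64_t{a.v} + b.v); }
Checked Mul(Checked a, Checked b) { return Narrow(a.ok && b.ok, int64_t{a.v} * b.v); }
Checked Div(Checked a, Checked b) {
  return Narrow(a.ok && b.ok && b.v != 0, b.v ? int64_t{a.v} / b.v : 0);
}

// Extent-only validation: are x1 - x0 and y1 - y0 representable in int32?
bool ExtentsFit(const BlitRect& r) { return Sub(r.x1, r.x0).ok && Sub(r.y1, r.y0).ok; }

// Hypothetical clipping step (an assumption, not the decoder's code): when the
// source starts below y = 0, skip those rows and move dst.y0 proportionally.
Checked ClippedDstY0(const BlitRect& src, const BlitRect& dst) {
  if (src.y0 >= 0) return dst.y0;
  Checked skipped = Sub(0, src.y0);  // not representable when src.y0 == INT32_MIN
  Checked src_h = Sub(src.y1, src.y0);
  Checked dst_h = Sub(dst.y1, dst.y0);
  return Add(dst.y0, Div(Mul(skipped, dst_h), src_h));
}

// Constructed from the parameters quoted in the thread.
const BlitRect kFuzzSrc = {0, INT32_MIN, 100, -16777116};
const BlitRect kFuzzDst = {25855, 4456448, 6553638, 1140850688};

int main() {
  bool fit = ExtentsFit(kFuzzSrc) && ExtentsFit(kFuzzDst);
  std::printf("extents fit: %d, clipped dst.y0 valid: %d\n", fit,
              ClippedDstY0(kFuzzSrc, kFuzzDst).ok);
}
```

For the quoted parameters all four extents fit in 32 bits, so an extent-only check accepts them, while the clipping step is rejected because 0 - srcY0 is not representable.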
Cc: yunchao@chromium.org
@#5: try accessing the clusterfuzz.com link with your chromium account now? I think if you're cc on the bug you should have access to it.
Project Member

Comment 8 by ClusterFuzz, Dec 1

Labels: -Reproducible Unreproducible
ClusterFuzz testcase 4687832707497984 appears to be flaky, updating reproducibility label.
Labels: -Unreproducible Reproducible
Please ignore the last comment about testcase being unreproducible. The testcase is still reproducible. This happened due to a code refactoring on ClusterFuzz side, and the underlying root cause is now fixed. Resetting the label back to Reproducible. Sorry about the inconvenience caused from these incorrect notifications.
Project Member

Comment 11 by ClusterFuzz, Dec 5

ClusterFuzz has detected this issue as fixed in range 613664:613685.

Detailed report: https://clusterfuzz.com/testcase?key=4687832707497984

Fuzzer: libFuzzer_gpu_fuzzer
Fuzz target binary: gpu_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  gpu::gles2::GLES2DecoderImpl::DoBlitFramebufferCHROMIUM
  gpu::gles2::GLES2DecoderImpl::HandleBlitFramebufferCHROMIUM
  gpu::error::Error gpu::gles2::GLES2DecoderImpl::DoCommandsImpl<false>
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=512673:512693
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=613664:613685

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4687832707497984

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 12 by ClusterFuzz, Dec 5

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 4687832707497984 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
