
Issue 870571 link


Issue metadata

Status: Verified
Closed: Aug 8
OS: Linux, Mac
Pri: 1
Type: Bug-Security

Heap-buffer-overflow in spvtools::val::ValidateCopyMemory

Project Member Reported by ClusterFuzz, Aug 3

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6044284470689792

Fuzzer: libFuzzer_spvtools_val_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: Heap-buffer-overflow READ 4
Crash Address: 0x60300000038c
Crash State:
  spvtools::val::ValidateCopyMemory
  spvtools::val::ValidateMemoryInstructions
  spvtools::val::ValidateBinaryUsingContextAndValidationState
  
Sanitizer: address (ASAN)

Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=579911:580305

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6044284470689792

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

Comment 1 by ClusterFuzz, Aug 3

Components: Internals>GPU>Internals
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Comment 2 by sheriffbot@chromium.org, Aug 3

Labels: M-69 Target-69

Comment 3 by sheriffbot@chromium.org, Aug 3

Labels: ReleaseBlock-Stable
This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it.

If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 4 by sheriffbot@chromium.org, Aug 3

Labels: Pri-1

Comment 5 by sheriffbot@chromium.org, Aug 4

Labels: -Security_Impact-Head Security_Impact-Beta

Comment 6 by ClusterFuzz, Aug 4

Labels: OS-Mac
Cc: piman@chromium.org
Owner: dsinclair@chromium.org
Status: Assigned (was: Untriaged)
Dan, since you've rolled those fuzzers in [1], could you please take a look and / or help to find an owner?

1: https://chromium-review.googlesource.com/c/chromium/src/+/1161090
Cc: alanbaker@google.com
Labels: -Security_Impact-Beta -ReleaseBlock-Stable Security_Impact-None
Removing ReleaseBlock-Stable as this code is not shipped in any version of Chromium at the moment.

https://github.com/KhronosGroup/SPIRV-Tools/pull/1801 refactors the code related to this bug. The validator catches an error earlier, so I'm hoping it fixes this issue.

Confirmed that the fuzzer succeeds on this testcase with the above mentioned branch.

Cc: -alanbaker@google.com dsinclair@chromium.org
Owner: alanbaker@google.com
Status: Started (was: Assigned)

Status: Fixed (was: Started)
Fixed in 3a20879f4d0af1cc336ef3294d67bf199796be5d

Comment 13 by sheriffbot@chromium.org, Aug 8

Labels: -Restrict-View-SecurityTeam Restrict-View-SecurityNotify

Comment 14 by bugdroid1@chromium.org, Aug 10

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/f1ea2746039f0e56cce593d53225707b71ab83fe

commit f1ea2746039f0e56cce593d53225707b71ab83fe
Author: Dan Sinclair <dsinclair@chromium.org>
Date: Fri Aug 10 00:21:24 2018

Roll src/third_party/SPIRV-Tools/src/ 2d9a32526..714bf84e5 (14 commits)

$ git log 2d9a32526..714bf84e5 --date=short --no-merges --format='%ad %ae %s'
2018-08-08 alanbaker Split mode setting opcode validation into new file.
2018-08-08 alanbaker Split annotation opcode validation into new file.
2018-08-08 alanbaker Replace asserts with returns
2018-08-08 alanbaker Split debug opcode validation into new file
2018-08-03 alanbaker Move type instruction validation into separate file
2018-08-08 31666470+s-perron Validate the input to Optimizer::Run (#1799)
2018-08-03 alanbaker Unify validation of OpCopyMemory*
2018-08-03 alanbaker Refactor where opcodes are validated
2018-08-07 shartte When clang is used as a MSVC frontend (clang-cl.exe) it does not behave exactly as GCC would. I.e. -Wall translates to /Wall, which is an alias for -Weverything. This causes massive C++98 compat warnings logspam. (#1808)
2018-08-07 dj2 Remove unused bit stream methods. (#1807)
2018-08-07 dj2 Simplify MoveToFront (#1806)
2018-08-07 dj2 Fixup readabilty/inheritance warnings (#1805)
2018-08-07 dj2 Fix readbility/braces warnings (#1804)
2018-08-03 dj2 Cleanup includes. (#1795)

Created with:
  roll-dep src/third_party/SPIRV-Tools/src

Bug: 870510, 870571, 870681, 871065, 872572

TBR=dneto@chromium.org

Change-Id: I6e50c26fb10368a912c9f7e95b12dd789f0bf5f5
Reviewed-on: https://chromium-review.googlesource.com/1169129
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
Cr-Commit-Position: refs/heads/master@{#581976}
[modify] https://crrev.com/f1ea2746039f0e56cce593d53225707b71ab83fe/DEPS
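
The crash in this report (a 4-byte heap read inside ValidateCopyMemory on a fuzzer-generated module) and the fixing commits in the roll above ("Unify validation of OpCopyMemory*", "Replace asserts with returns") both point at the same validator discipline: check the operand count and the referenced definitions before indexing, and return a diagnostic instead of asserting or reading blindly. The following C++ is an added illustration of that pattern written for this page; it is not SPIRV-Tools code and does not claim to reproduce the actual root cause of this bug. The opcode and storage-class numbers are the real SPIR-V values, the `demo` namespace and all function names are this example's own, and the three modules at the bottom are constructed inputs.

```cpp
// Added example, not SPIRV-Tools code: a minimal SPIR-V word-stream parser plus an
// OpCopyMemory check in the style the fixing commits describe (bounds-check before
// indexing, return an error instead of asserting). Opcode/storage-class numbers are
// the real SPIR-V values; the modules at the bottom are constructed for this demo.
#include <cstdint>
#include <map>
#include <string>
#include <utility>
#include <vector>

namespace demo {

enum Opcode : uint32_t { kOpTypeInt = 21, kOpTypePointer = 32, kOpVariable = 59, kOpCopyMemory = 63 };
constexpr uint32_t kStorageFunction = 7;

struct Instruction {
  uint32_t opcode = 0;
  std::vector<uint32_t> words;  // whole instruction; words[0] is the header
};
struct Module {
  std::vector<Instruction> insts;
  std::map<uint32_t, const Instruction*> defs;  // result id -> defining instruction
};

// Splits the stream into instructions. The declared word count is checked against
// the words actually left, so a header claiming more words than remain (typical
// fuzzer input) is reported as an error instead of read past the buffer.
std::string Parse(const std::vector<uint32_t>& words, Module* out) {
  for (size_t pos = 0; pos < words.size();) {
    const uint32_t count = words[pos] >> 16;
    if (count == 0) return "instruction word count is zero";
    if (count > words.size() - pos) return "instruction overruns module";
    Instruction inst;
    inst.opcode = words[pos] & 0xFFFFu;
    inst.words.assign(words.begin() + pos, words.begin() + pos + count);
    out->insts.push_back(std::move(inst));
    pos += count;
  }
  for (const Instruction& inst : out->insts) {  // result-id position depends on opcode
    size_t idx = 0;
    switch (inst.opcode) {
      case kOpTypeInt: case kOpTypePointer: idx = 1; break;
      case kOpVariable: idx = 2; break;
      default: continue;
    }
    if (idx >= inst.words.size()) return "instruction is missing its result id";
    out->defs[inst.words[idx]] = &inst;
  }
  return "";
}

// Resolves id only if it is defined by opcode `op` with at least `min_words` words;
// undefined or wrong-kind ids yield nullptr, never an unchecked lookup or index.
const Instruction* DefOf(const Module& m, uint32_t id, uint32_t op, size_t min_words) {
  auto it = m.defs.find(id);
  if (it == m.defs.end() || it->second->opcode != op) return nullptr;
  return it->second->words.size() >= min_words ? it->second : nullptr;
}

// OpCopyMemory layout: header, Target <id>, Source <id>, [Memory Access literal].
// Both operands must be variables whose types are pointers to the same type.
std::string ValidateCopyMemory(const Module& m, const Instruction& inst) {
  const std::vector<uint32_t>& w = inst.words;
  if (w.size() < 3) return "OpCopyMemory: missing Target or Source operand";
  uint32_t pointee[2];
  for (int i = 0; i < 2; ++i) {
    const std::string name = i == 0 ? "Target" : "Source";
    const Instruction* var = DefOf(m, w[1 + i], kOpVariable, 3);
    if (!var) return "OpCopyMemory: " + name + " is not a defined variable";
    const Instruction* ptr = DefOf(m, var->words[1], kOpTypePointer, 4);
    if (!ptr) return "OpCopyMemory: " + name + " type is not a pointer";
    pointee[i] = ptr->words[3];
  }
  if (pointee[0] != pointee[1]) return "OpCopyMemory: Target and Source pointee types differ";
  return "";
}

// Runs the parser, then the OpCopyMemory check; returns "" when the module is valid.
std::string ValidateModule(const std::vector<uint32_t>& words) {
  Module m;
  std::string err = Parse(words, &m);
  for (size_t i = 0; err.empty() && i < m.insts.size(); ++i)
    if (m.insts[i].opcode == kOpCopyMemory) err = ValidateCopyMemory(m, m.insts[i]);
  return err;
}

constexpr uint32_t Hdr(uint32_t count, uint32_t op) { return (count << 16) | op; }

// Constructed test modules (SPIR-V 1.0 encoding, 5-word module header omitted). Shared
// prefix: %1 = OpTypeInt 32 1; %2 = OpTypePointer Function %1; %3, %4 = OpVariable %2.
std::vector<uint32_t> WithCopy(std::vector<uint32_t> copy_inst) {
  std::vector<uint32_t> m = {Hdr(4, kOpTypeInt), 1, 32, 1, Hdr(4, kOpTypePointer), 2, kStorageFunction, 1,
                             Hdr(4, kOpVariable), 2, 3, kStorageFunction, Hdr(4, kOpVariable), 2, 4, kStorageFunction};
  m.insert(m.end(), copy_inst.begin(), copy_inst.end());
  return m;
}
const std::vector<uint32_t> kGood = WithCopy({Hdr(3, kOpCopyMemory), 3, 4});
// Header says 4 words but only 3 follow: rejected in Parse before any operand is read.
const std::vector<uint32_t> kTruncated = WithCopy({Hdr(4, kOpCopyMemory), 3, 4});
// Source %9 is never defined: rejected without touching a non-existent definition.
const std::vector<uint32_t> kUndefinedSource = WithCopy({Hdr(3, kOpCopyMemory), 3, 9});

}  // namespace demo
```

The two malformed modules are the shapes a fuzzer reaches first: a word count that overruns the buffer, and an operand id with no definition. Each is turned into a returned diagnostic at the earliest point it can be detected, which is the "catches an error earlier" behaviour the comments above describe; running the same inputs against a validator that indexes operands or dereferences definitions before checking them is what produces an ASan heap-buffer-overflow read of the kind reported here.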


Comment 15 by ClusterFuzz, Aug 10

ClusterFuzz has detected this issue as fixed in range 581969:581979.

Detailed report: https://clusterfuzz.com/testcase?key=6044284470689792

Fuzzer: libFuzzer_spvtools_val_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: Heap-buffer-overflow READ 4
Crash Address: 0x60300000038c
Crash State:
  spvtools::val::ValidateCopyMemory
  spvtools::val::ValidateMemoryInstructions
  spvtools::val::ValidateBinaryUsingContextAndValidationState
  
Sanitizer: address (ASAN)

Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=579911:580305
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=581969:581979

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6044284470689792

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 16 by ClusterFuzz, Aug 10

Labels: ClusterFuzz-Verified
Status: Verified (was: Fixed)
ClusterFuzz testcase 6044284470689792 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Comment 17 by sheriffbot@chromium.org, Nov 14

Labels: -Restrict-View-SecurityNotify allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot