Null-dereference READ in spvtools::opt::analysis::Struct::GetExtraHashWords |
||||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=4798524609527808 Fuzzer: libFuzzer_spvtools_opt_legalization_fuzzer Job Type: libfuzzer_chrome_ubsan Platform Id: linux Crash Type: Null-dereference READ Crash Address: 0x000000000020 Crash State: spvtools::opt::analysis::Struct::GetExtraHashWords spvtools::opt::analysis::Type::GetHashWords spvtools::opt::analysis::Type::GetHashWords Sanitizer: undefined (UBSAN) Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=580304:580310 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4798524609527808 Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
,
Aug 15
Automatically adding ccs based on suspected regression changelists: Update OpPhi instructions after splitting block. (#1783) by 31666470+s-perron@users.noreply.github.com - https://chromium.googlesource.com/external/github.com/KhronosGroup/SPIRV-Tools/+/ce644d4a2484fe66e53f5b744ebc4d0d5d49e1ca Remove using std::<foo> statements. (#1756) by dj2@everburning.com - https://chromium.googlesource.com/external/github.com/KhronosGroup/SPIRV-Tools/+/a5a5ea0e2dfce9c755a88af1074ebe68a44d2ed9 If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label.
,
Aug 15
,
Aug 15
Invalid code a struct contains itself: %_struct_7 = OpTypeStruct %float %_struct_7 The seems to be a bug in the validator that is stopping this from being checked. https://github.com/KhronosGroup/SPIRV-Tools/pull/1840 was opened to address this issue.
,
Aug 15
,
Aug 22
ClusterFuzz testcase 4798524609527808 is still reproducing on tip-of-tree build (trunk). Please re-test your fix against this testcase and if the fix was incorrect or incomplete, please re-open the bug. Otherwise, ignore this notification and add ClusterFuzz-Wrong label.
,
Aug 27
This change should be rolling into Chromium now.
,
Aug 27
,
Aug 28
ClusterFuzz has detected this issue as fixed in range 586270:586271. Detailed report: https://clusterfuzz.com/testcase?key=4798524609527808 Fuzzer: libFuzzer_spvtools_opt_legalization_fuzzer Job Type: libfuzzer_chrome_ubsan Platform Id: linux Crash Type: Null-dereference READ Crash Address: 0x000000000020 Crash State: spvtools::opt::analysis::Struct::GetExtraHashWords spvtools::opt::analysis::Type::GetHashWords spvtools::opt::analysis::Type::GetHashWords Sanitizer: undefined (UBSAN) Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=580304:580310 Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=586270:586271 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4798524609527808 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Aug 28
ClusterFuzz testcase 4798524609527808 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Aug 28
Issue 878326 has been merged into this issue. |
||||||||
►
Sign in to add a comment |
||||||||
Comment 1 by ClusterFuzz
, Aug 15Labels: Test-Predator-Auto-Components