New issue
Advanced search Search tips
Starred by 2 users

Issue metadata

Status: Verified
Owner:
Closed: Nov 21
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug



Sign in to add a comment
link

Issue 904734: Direct-leak in dawn_native::null::CreateDevice

Reported by ClusterFuzz, Nov 13 Project Member

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5973237764456448

Fuzzer: libFuzzer_dawn_wire_server_and_frontend_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Direct-leak
Crash Address: 
Crash State:
  dawn_native::null::CreateDevice
  DawnWireServerAndFrontendFuzzer.cpp
  dawn_native::DeviceBase::DeviceBase
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=607427:607452

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5973237764456448

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
 

Comment 1 by ClusterFuzz, Nov 13

Project Member
Cc: kainino@chromium.org cwallez@chromium.org
Labels: ClusterFuzz-Auto-CC
Automatically adding ccs based on OWNERS file / target commit history.

If this is incorrect, please add ClusterFuzz-Wrong label.

Comment 2 by ClusterFuzz, Nov 13

Project Member
Labels: Test-Predator-Auto-Owner
Owner: cwallez@chromium.org
Status: Assigned (was: Untriaged)
Automatically assigning owner based on suspected regression changelist https://dawn.googlesource.com/dawn/+/45ee4c88c43f2cd986a4af84ac4a8361a222b185 (Add a fuzzer for the wire server and Dawn frontend).

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.

Comment 3 by cwallez@chromium.org, Nov 19

Components: Internals>GPU>Dawn

Comment 4 by bugdroid1@chromium.org, Nov 20

Project Member
The following revision refers to this bug:
  https://dawn.googlesource.com/dawn/+/c1bb72c5d299716bf2fe608b671b66b0570a7192

commit c1bb72c5d299716bf2fe608b671b66b0570a7192
Author: Corentin Wallez <cwallez@chromium.org>
Date: Tue Nov 20 09:14:40 2018

DawnWireAndFrontendFuzzer: don't leak the device.

The dawn::Device(dawnDevice) constructor was adding a reference which
caused the device to leak. Fix this by using dawn::Device::Acquire
instead.

BUG= chromium:904734 

Change-Id: Id641459f9285c9da51a0d2a1f88126197bfd79a5
Reviewed-on: https://dawn-review.googlesource.com/c/2561
Reviewed-by: Dan Sinclair <dsinclair@google.com>
Reviewed-by: Kai Ninomiya <kainino@chromium.org>
Commit-Queue: Corentin Wallez <cwallez@chromium.org>

[modify] https://crrev.com/c1bb72c5d299716bf2fe608b671b66b0570a7192/src/fuzzers/DawnWireServerAndFrontendFuzzer.cpp

Comment 5 by ClusterFuzz, Nov 21

Project Member
ClusterFuzz has detected this issue as fixed in range 609745:609751.

Detailed report: https://clusterfuzz.com/testcase?key=5973237764456448

Fuzzer: libFuzzer_dawn_wire_server_and_frontend_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Direct-leak
Crash Address: 
Crash State:
  dawn_native::null::CreateDevice
  DawnWireServerAndFrontendFuzzer.cpp
  dawn_native::DeviceBase::DeviceBase
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=607427:607452
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=609745:609751

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5973237764456448

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 6 by ClusterFuzz, Nov 21

Project Member
Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 5973237764456448 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Sign in to add a comment