Issue 906423 link

Starred by 1 user

Issue metadata

Status:	Duplicate
Merged:	issue 873225
Owner:	stevenperron@google.com
Closed:	Nov 19
Cc:	vmi...@chromium.org piman@chromium.org dsinclair@chromium.org
Components:	Internals>GPU>Internals
EstimatedDays:	----
NextAction:	----
OS:	Linux
Pri:	1
Type:	Bug
Stability-Crash Stability-Libfuzzer Clusterfuzz Unreproducible Stability-UndefinedBehaviorSanitizer Test-Predator-Auto-Components ClusterFuzz-Auto-CC

Null-dereference READ in spvtools::opt::Instruction::result_id

Project Member Reported by ClusterFuzz, Nov 18

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6449251137355776

Fuzzer: libFuzzer_spvtools_opt_legalization_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  spvtools::opt::Instruction::result_id
  spvtools::opt::ScalarReplacementPass::CheckTypeAnnotations
  spvtools::opt::ScalarReplacementPass::CanReplaceVariable
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=589988:590303

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6449251137355776

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

Project Member

Comment 1 by ClusterFuzz, Nov 18

Components: Internals>GPU>Internals
Labels: Test-Predator-Auto-Components

Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Project Member

Comment 2 by ClusterFuzz, Nov 18

Cc: dsinclair@chromium.org vmi...@chromium.org piman@chromium.org
Labels: ClusterFuzz-Auto-CC

Automatically adding ccs based on OWNERS file / target commit history.

If this is incorrect, please add ClusterFuzz-Wrong label.

Comment 3 by dsinclair@chromium.org, Nov 19

Owner: stevenperron@google.com
Status: Assigned (was: Untriaged)

Comment 4 by stevenperron@google.com, Nov 19

Mergedinto: 873225
Status: Duplicate (was: Assigned)

Project Member

Comment 5 by ClusterFuzz, Dec 1

Labels: -Reproducible Unreproducible

ClusterFuzz testcase 6449251137355776 appears to be flaky, updating reproducibility label.

Project Member

Comment 6 by ClusterFuzz, Dec 19

ClusterFuzz has detected this issue as fixed in range 617693:617695.

Detailed report: https://clusterfuzz.com/testcase?key=6449251137355776

Fuzzer: libFuzzer_spvtools_opt_legalization_fuzzer
Fuzz target binary: spvtools_opt_legalization_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  spvtools::opt::Instruction::result_id
  spvtools::opt::ScalarReplacementPass::CheckTypeAnnotations
  spvtools::opt::ScalarReplacementPass::CanReplaceVariable
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=589988:590303
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=617693:617695

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6449251137355776

See https://github.com/google/clusterfuzz-tools for instructions to reproduce this bug locally.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

►

Issue 906423 link

Issue metadata

Null-dereference READ in spvtools::opt::Instruction::result_id

Issue description

Comment 1 by ClusterFuzz, Nov 18

Comment 1 Deleted

Comment 2 by ClusterFuzz, Nov 18

Comment 2 Deleted

Comment 3 by dsinclair@chromium.org, Nov 19

Comment 3 Deleted

Comment 4 by stevenperron@google.com, Nov 19

Comment 4 Deleted

Comment 5 by ClusterFuzz, Dec 1

Comment 5 Deleted

Comment 6 by ClusterFuzz, Dec 19

Comment 6 Deleted

Sign in to add a comment