New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 910886 link

Starred by 1 user
Status: Available
Owner:
capn@chromium.org
Cc:
chrisforbes@google.com
nicolasc...@google.com
cwallez@google.com
shannonwoods@google.com
sugoi@google.com
sugoi@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Mac
Pri: 3
Type: Bug



Sign in to add a comment

ASSERT: false

Project Member Reported by ClusterFuzz, Dec 1 
Detailed report: https://clusterfuzz.com/testcase?key=6467517205446656

Fuzzer: libFuzzer_swiftshader_vertex_routine_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: ASSERT
Crash Address: 
Crash State:
  false
  glsl::OutputASM::emitCast
  glsl::OutputASM::visitAggregate
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=521495:521545

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6467517205446656

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Project Member

Comment 1 by ClusterFuzz, Dec 1

Components: Internals>GPU>SwiftShader
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Project Member

Comment 2 by ClusterFuzz, Dec 1

Cc: nicolasc...@google.com chrisforbes@google.com shannonwoods@google.com sugoi@google.com cwallez@google.com
Labels: ClusterFuzz-Auto-CC
Automatically adding ccs based on OWNERS file / target commit history.

If this is incorrect, please add ClusterFuzz-Wrong label.

Comment 3 by kkaluri@chromium.org, Dec 4

Owner: capn@chromium.org
Status: Assigned (was: Untriaged)
Predator has provided 5 possible suspects

1. Fix D3D8 compilation. by capn@google.com
2. Move draw call early-outs until after validation. by capn@google.com
3. Update to number of allowed shader inputs/outputs for OpenGL ES 3 by sugoi@google.com
4. glGenerateMipmap validation by sugoi@google.com
5. Program related validation by sugoi@google.com

Assigning it to capn@ for further triage

Comment 4 by capn@chromium.org, Dec 4 

This is caused by attempting to cast a sampler to a float number:

attribute highp vec4 a_position;
mediump float v_vtxOut;

struct structType
{
	mediump sampler2D m0;
	mediump samplerCube m1;
};
uniform structType u_var;

mediump float compare_float    (mediump float a, mediump float b)  { return abs(a - b) < 0.05 ? 1.0 : 0.0; }
mediump float compare_vec4     (mediump vec4 a, mediump vec4 b)    { return compare_float(a.w, b.w); }

void main (void)
{	gl_Position = a_position;
	
	v_vtxOut *=compare_vec4(textureCube(u_var.m1, vec3(u_var.m0, vec3(0.0))), vec4(0.88, 0.09, 0.30, 0.61));
}

Looks like that's not detected by our GLSL parser. It's an invalid shader, and the assert is benign, so I'm lowering the priority. This will become irrelevant once we're Vulkan-only anyway.

Sign in to add a comment