New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 910893 link

Starred by 1 user
Status: Duplicate
Merged: issue 861603
Owner:
capn@chromium.org
Closed: Dec 4
Cc:
chrisforbes@google.com
nicolasc...@google.com
cwallez@google.com
shannonwoods@google.com
sugoi@google.com
sugoi@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 3
Type: Bug



Sign in to add a comment

ASSERT: false

Project Member Reported by ClusterFuzz, Dec 1 
Detailed report: https://clusterfuzz.com/testcase?key=6350084528406528

Fuzzer: libFuzzer_swiftshader_vertex_routine_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: ASSERT
Crash Address: 
Crash State:
  false
  sw::Surface::isFloatFormat
  sw::SamplerCore::hasFloatTexture
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=521495:521545

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6350084528406528

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Project Member

Comment 1 by ClusterFuzz, Dec 1

Components: Internals>GPU>SwiftShader
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Project Member

Comment 2 by ClusterFuzz, Dec 1

Cc: nicolasc...@google.com chrisforbes@google.com shannonwoods@google.com sugoi@google.com cwallez@google.com
Labels: ClusterFuzz-Auto-CC
Automatically adding ccs based on OWNERS file / target commit history.

If this is incorrect, please add ClusterFuzz-Wrong label.

Comment 3 by capn@chromium.org, Dec 3

Labels: -Pri-1 Pri-3
Owner: capn@chromium.org
Duplicate of  Issue 861603 .

This is caused by a sampler register index being out of range. This can't actually happen in Chrome because we validate them at draw time when applying the state. The fuzzer takes a shortcut and doesn't actually draw anything.

So this is benign, but we should probably have a fail-safe at either the shader ASM generation or Reactor routine generation (or both). Anyway, this is all going to change when we switch to using the glslang compiler, so it's not a priority.

Comment 4 by kkaluri@chromium.org, Dec 4

Mergedinto: 861603
Status: Duplicate (was: Untriaged)
As per comment #3 duplicating this issue.

Sign in to add a comment