Integer-overflow in TType::totalRegisterCount
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5175163420934144
Fuzzer: libFuzzer_swiftshader_vertex_routine_fuzzer
Fuzz target binary: swiftshader_vertex_routine_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  TType::totalRegisterCount
  glsl::OutputASM::lvalue
  glsl::OutputASM::lvalue
Sanitizer: undefined (UBSAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=521492:521536
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5175163420934144

Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Dec 5
Automatically adding ccs based on the OWNERS file / target commit history. If this is incorrect, please add the ClusterFuzz-Wrong label.
Dec 6
Since Predator has provided 5 possible suspects:
1. Fix D3D8 compilation. by capn@google.com
2. Move draw call early-outs until after validation. by capn@google.com
3. Update to number of allowed shader inputs/outputs for OpenGL ES 3 by sugoi@google.com
4. glGenerateMipmap validation by sugoi@google.com
5. Program related validation by sugoi@google.com
Assigning it to capn@ for further triage.
Dec 6
Similar to Issue 803328 and Issue 867593. We protect against register file overflow at a later point, so I don't think this is problematic. The GLSL compiler will be deprecated once we have our Vulkan implementation with ANGLE providing OpenGL ES support on top, so fixing this is low priority unless proven a bigger issue.
Comment 1 by ClusterFuzz, Dec 5
Labels: Test-Predator-Auto-Components