Issue 911941


Issue metadata

Status: Assigned
Owner:
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 3
Type: Bug




Integer-overflow in TType::totalRegisterCount

Project Member Reported by ClusterFuzz, Dec 5

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5175163420934144

Fuzzer: libFuzzer_swiftshader_vertex_routine_fuzzer
Fuzz target binary: swiftshader_vertex_routine_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  TType::totalRegisterCount
  glsl::OutputASM::lvalue
  glsl::OutputASM::lvalue
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=521492:521536

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5175163420934144

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
 
Comment 1 by ClusterFuzz (Project Member), Dec 5

Components: Internals>GPU>SwiftShader
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Comment 2 by ClusterFuzz (Project Member), Dec 5

Cc: nicolasc...@google.com chrisforbes@google.com shannonwoods@google.com sugoi@google.com cwallez@google.com
Labels: ClusterFuzz-Auto-CC
Automatically adding ccs based on OWNERS file / target commit history.

If this is incorrect, please add ClusterFuzz-Wrong label.

Cc: kkaluri@chromium.org
Labels: M-71
Owner: capn@chromium.org
Status: Assigned (was: Untriaged)
Since Predator has provided 5 possible suspects:

1. Fix D3D8 compilation. by capn@google.com
2. Move draw call early-outs until after validation. by capn@google.com
3. Update to number of allowed shader inputs/outputs for OpenGL ES 3 by sugoi@google.com
4. glGenerateMipmap validation by sugoi@google.com
5. Program related validation by sugoi@google.com

Assigning it to capn@ for further triage.

Labels: -Pri-2 Pri-3
Similar to Issue 803328 and Issue 867593.

We protect against register file overflow at a later point, so I don't think this is problematic. The GLSL compiler will be deprecated once we have our Vulkan implementation with ANGLE providing OpenGL ES support on top, so fixing this is low priority unless proven a bigger issue.
