Integer-overflow in sw::RectT<int>::height |
||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=5686659219456000 Fuzzer: inferno_twister Job Type: linux_ubsan_chrome Platform Id: linux Crash Type: Integer-overflow Crash Address: Crash State: sw::RectT<int>::height es2::Device::ClipDstRect es2::Device::stretchRect Sanitizer: undefined (UBSAN) Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_chrome&range=529742:529750 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5686659219456000 Issue filed automatically. See https://github.com/google/clusterfuzz-tools for instructions to reproduce this bug locally.
,
Jan 3
Predator has provided 5 possible suspects 1. Allow out of bounds coordinates in glBlitFramebuffer by sugoi@google.com 2. Rename signed normalized formats. by capn@google.com 3. Separate image depth and samples count. by capn@google.com 4. Allow blitting with out of bounds source coordinates by sugoi@google.com 5. Fix blitting of quad layout data. by capn@google.com Assigning to capn@ for further triage. |
||
►
Sign in to add a comment |
||
Comment 1 by ClusterFuzz
, Jan 1Labels: Test-Predator-Auto-Components