Crash in gsignal (from GURL::InitCanonical() call)
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4801884835020800
Fuzzer: libfuzzer_parse_data_url_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux
Crash Type: UNKNOWN
Crash Address: 0x03e90000031b
Crash State:
  gsignal
  UIDNAWrapper
  Pointer
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=378811:378884
Minimized Testcase (0.38 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94DHIaCHGuE3zur52mV_reKpC87nfmMM6C4VsjpoqKcDrWlm7q172KBWitFTI3xPoXEsKIhKxEQWHbQrCKQ0LC4f1eZ7CyPLHeeEAsQ24T_cgd9VAoHckebgOEjW5pe2bwoISoOTSf4sL61PHD896ABU87tWg
Filer: mmoroz

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Mar 3 2016
Correct, this is not a security bug. It is a problem with the fuzz test setup -- need to call base::i18n::InitializeICU() in any test that depends on GURL, since internally it may depend on ICU. The crash here is occurring because ICU was not initialized. I think I will create a base helper for all the net fuzzers that always initialize ICU.
Mar 3 2016
Work in progress: https://codereview.chromium.org/1760973002/
Mar 4 2016
FYI, when reviewing any new //net fuzzer we should check that it depends on "net_fuzzer_test_support" to initialize ICU.
Mar 4 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/02b4fe56060de5d37e3a2a36afdfdd4944bb544a

commit 02b4fe56060de5d37e3a2a36afdfdd4944bb544a
Author: eroman <eroman@chromium.org>
Date: Fri Mar 04 12:15:16 2016

Initialize ICU before running any of the //net fuzzers.

ICU is used internally by //net through GURL, however needs to be first initialized by calling base::i18n::InitializeICU(). Do this initialization via a static initializer for any //net fuzzer to be safe, since it is not always obvious when this dependency is used.

BUG=591677

Review URL: https://codereview.chromium.org/1760973002

Cr-Commit-Position: refs/heads/master@{#379270}

[modify] https://crrev.com/02b4fe56060de5d37e3a2a36afdfdd4944bb544a/net/BUILD.gn
[modify] https://crrev.com/02b4fe56060de5d37e3a2a36afdfdd4944bb544a/net/DEPS
[add] https://crrev.com/02b4fe56060de5d37e3a2a36afdfdd4944bb544a/net/base/fuzzer_test_support.cc
[modify] https://crrev.com/02b4fe56060de5d37e3a2a36afdfdd4944bb544a/net/base/registry_controlled_domains/get_domain_and_registry_fuzzer.cc
[modify] https://crrev.com/02b4fe56060de5d37e3a2a36afdfdd4944bb544a/net/ftp/ftp_directory_listing_fuzzer.cc

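The pattern described in the comment above (call base::i18n::InitializeICU() before any GURL-using fuzzer runs) and in this commit (do it from a static initializer in a support translation unit that every //net fuzzer links against) is illustrated below with an added, self-contained example. This is not Chromium's fuzzer_test_support.cc and does not link against Chromium; the `fake_icu` namespace, `FuzzerTestSupport` struct and `ParseAndCanonicalizeHost` function are hypothetical stand-ins that reproduce only the shape of the dependency: a library that dereferences a null pointer (abort, seen as gsignal in the report) when used before its one-time initialization, and a static initializer that guarantees the initialization happens before `LLVMFuzzerTestOneInput` is ever called.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>

// Hypothetical stand-in for ICU: a library whose functions must not be
// called before an explicit one-time initialization. Not Chromium code.
namespace fake_icu {
namespace {
const char* g_lower_table = nullptr;  // null until Initialize() has run
}  // namespace

void Initialize() {
  static const char kLower[] = "abcdefghijklmnopqrstuvwxyz";
  g_lower_table = kLower;
}

bool IsInitialized() { return g_lower_table != nullptr; }

// Lower-cases ASCII letters through the table. Calling this while
// g_lower_table is still null would dereference a null pointer, the
// analogue of the uninitialized-ICU failure in the ClusterFuzz report.
std::string ToLowerAscii(const std::string& in) {
  std::string out;
  for (char c : in) {
    if (c >= 'A' && c <= 'Z')
      out += g_lower_table[c - 'A'];
    else
      out += c;
  }
  return out;
}
}  // namespace fake_icu

// Equivalent of a "fuzzer test support" translation unit: a static
// initializer that runs before main() and before the fuzzer entry point,
// so every fuzzer linked against it gets the dependency initialized
// without each target having to remember to do so itself.
namespace {
struct FuzzerTestSupport {
  FuzzerTestSupport() { fake_icu::Initialize(); }
};
FuzzerTestSupport g_fuzzer_test_support;
}  // namespace

// Toy parser under test (hypothetical): accepts "<scheme>://<host>" and
// canonicalizes the host through the library. As a defensive check it
// refuses to touch the library when it is not initialized rather than
// crashing; with the static initializer above that branch is unreachable.
bool ParseAndCanonicalizeHost(const std::string& url, std::string* host_out) {
  if (!fake_icu::IsInitialized()) return false;
  size_t sep = url.find("://");
  if (sep == std::string::npos || sep + 3 >= url.size()) return false;
  *host_out = fake_icu::ToLowerAscii(url.substr(sep + 3));
  return true;
}

// libFuzzer entry point, as a //net-style fuzzer would define it.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  std::string host;
  ParseAndCanonicalizeHost(
      std::string(reinterpret_cast<const char*>(data), size), &host);
  return 0;
}
```

Note that the initializer lives in its own object (`g_fuzzer_test_support`), not in the fuzzer target, which is why a build dependency on the support target, as comment 3 suggests checking in review, is sufficient to fix every fuzzer at once.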
Mar 4 2016
Mar 9 2016
ClusterFuzz has detected this issue as fixed in range 379054:379821.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4801884835020800
Fuzzer: libfuzzer_parse_data_url_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux
Crash Type: UNKNOWN
Crash Address: 0x03e90000031b
Crash State:
  gsignal
  UIDNAWrapper
  Pointer
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=378811:378884
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=379054:379821
Minimized Testcase (0.38 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94DHIaCHGuE3zur52mV_reKpC87nfmMM6C4VsjpoqKcDrWlm7q172KBWitFTI3xPoXEsKIhKxEQWHbQrCKQ0LC4f1eZ7CyPLHeeEAsQ24T_cgd9VAoHckebgOEjW5pe2bwoISoOTSf4sL61PHD896ABU87tWg

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage

- Your friendly Sheriffbot
Comment 1 by mmoroz@chromium.org, Mar 3 2016
Summary: Crash in gsignal (from GURL::InitCanonical() call) (was: Crash in gsignal)