Integer-overflow in icu_56::RegexCompile::minMatchLength

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5957789079306240
Fuzzer: libfuzzer_icu_uregex_open_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  icu_56::RegexCompile::minMatchLength
  icu_56::RegexCompile::compile
  icu_56::RegexPattern::compile
Minimized Testcase (0.01 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96FODrVxdV_VZk9XmVMrfYYuS_eDVUe5RfAQsxiJTD_HlDkVj3O-S4AnzH7AzJRjVV6uGZwowz7SDTMtsV629PRETykXBKBQ6KYFq5zE7wnDUU_NOGw3JpNCtJV77CMGatE_fTRjWoC4_rElDQ_Df3LatkUqw
Filer: mmoroz
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
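The crash state above points at the minimum-match-length computation that the regex compiler runs over the parsed pattern. The page does not describe the arithmetic in icu_56::RegexCompile::minMatchLength or the fix that ClusterFuzz later verified, so the following is an added illustration, not ICU's or Chromium's code: a minimum-match-length calculator for a small regex subset (literal characters, groups, `*`, `+`, `?`, `{n}`, `{n,}`, `{n,m}`) whose additions and multiplications saturate at INT32_MAX instead of overflowing. Nested counted quantifiers such as `(a{100000}){100000}` have a true minimum length of 10^10, which does not fit in a 32-bit signed int; an unchecked `total += atom * reps` at that point is the kind of signed overflow the libfuzzer_chrome_ubsan job reports. The grammar subset, the `minlen` names and the sample patterns are assumptions made for this example.

```cpp
// Added illustration (not ICU code): saturating minimum-match-length
// computation for a tiny regex subset. Grammar, names and samples are
// assumptions made for this example.
#include <cstdint>
#include <cstdio>
#include <limits>
#include <string>

namespace minlen {

const int32_t kMax = std::numeric_limits<int32_t>::max();

// Saturating helpers: clamp to INT32_MAX and record that the clamp fired
// instead of letting the signed operation overflow (undefined behaviour).
int32_t satAdd(int32_t a, int32_t b, bool* overflowed) {
    int32_t r;
    if (__builtin_add_overflow(a, b, &r)) { *overflowed = true; return kMax; }
    return r;
}

int32_t satMul(int32_t a, int32_t b, bool* overflowed) {
    int32_t r;
    if (__builtin_mul_overflow(a, b, &r)) { *overflowed = true; return kMax; }
    return r;
}

struct Parser {
    const std::string& pat;
    size_t pos = 0;
    bool overflowed = false;

    explicit Parser(const std::string& s) : pat(s) {}

    // Decimal count inside {...}; also saturates so a huge literal cannot wrap.
    int32_t number() {
        int32_t v = 0;
        while (pos < pat.size() && pat[pos] >= '0' && pat[pos] <= '9') {
            v = satMul(v, 10, &overflowed);
            v = satAdd(v, pat[pos] - '0', &overflowed);
            ++pos;
        }
        return v;
    }

    // Minimum number of repetitions demanded by the quantifier at pos
    // (1 when no quantifier follows the atom).
    int32_t quantMin() {
        if (pos >= pat.size()) return 1;
        char c = pat[pos];
        if (c == '*' || c == '?') { ++pos; return 0; }
        if (c == '+') { ++pos; return 1; }
        if (c == '{') {
            ++pos;
            int32_t n = number();          // {n}, {n,} and {n,m} all require n
            while (pos < pat.size() && pat[pos] != '}') ++pos;
            if (pos < pat.size()) ++pos;   // consume '}'
            return n;
        }
        return 1;
    }

    // sequence := (atom quantifier?)* ; atom := '(' sequence ')' | literal
    // The minimum length of a sequence is the sum over its atoms of
    // (atom's own minimum) * (minimum repetitions), each step saturating.
    int32_t sequence() {
        int32_t total = 0;
        while (pos < pat.size() && pat[pos] != ')') {
            int32_t atom;
            if (pat[pos] == '(') {
                ++pos;
                atom = sequence();
                if (pos < pat.size() && pat[pos] == ')') ++pos;
            } else {
                ++pos;       // any other character is a literal matching itself
                atom = 1;
            }
            atom = satMul(atom, quantMin(), &overflowed);
            total = satAdd(total, atom, &overflowed);
        }
        return total;
    }
};

// Minimum length of any string the pattern can match, clamped to INT32_MAX.
// *overflowed is set when the clamp fired, i.e. where unchecked int32
// arithmetic would have overflowed.
int32_t minMatchLength(const std::string& pattern, bool* overflowed) {
    Parser p(pattern);
    int32_t n = p.sequence();
    *overflowed = p.overflowed;
    return n;
}

}  // namespace minlen

int main() {
    const char* samples[] = {"ab{2,5}c", "(ab){3}c?x*", "(a{100000}){100000}"};
    for (const char* s : samples) {
        bool ovf = false;
        int32_t n = minlen::minMatchLength(s, &ovf);
        std::printf("%-22s min length %d%s\n", s, n, ovf ? " (saturated)" : "");
    }
    return 0;
}
```

Compiled with `-fsanitize=undefined`, the unchecked variant of `sequence()` (plain `int32_t` `+` and `*`) would trip UBSan on the third sample; the saturating version returns INT32_MAX and sets the flag, which a real compiler can then turn into a pattern-too-large error rather than a wrapped length that later bounds checks would trust.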
Apr 8 2016
Apr 21 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5985899384406016
Fuzzer: libfuzzer_icu_uregex_open_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  icu_56::RegexCompile::minMatchLength
  icu_56::RegexCompile::handleCloseParen
  icu_56::RegexCompile::doParseActions
Minimized Testcase (0.07 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96BQHxvPkXzUWqhE0vS_rsOxjjPHdG7LUgDhqu8tJ6f09cnFG-spffHHgJ7xMIXU4aMBhdWj_GZEJGPurpV6DMc7JTjDOO7FWkYtv9UhCXuzVcyE_-ZhD51FvDpZQZbZOEyWfLsYjYzXlZtcq2EULLeQ7bD2w
Filer: mmoroz
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jun 27 2016

ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5985899384406016
Fuzzer: libfuzzer_icu_uregex_open_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  icu_56::RegexCompile::minMatchLength
  icu_56::RegexCompile::handleCloseParen
  icu_56::RegexCompile::doParseActions
Minimized Testcase (0.07 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97fzapMhz7dvXb0vSc-TVsl1JMArql3jT9FK31MhrvgbzlZweITAd1uB5KJ_Iw0-yjNBnF4OdQ0C1pXdRt46dEykKcnKRrnJ44Zx6outLz3oXkuXAEDXcw59-B-mrm25DXvTGHQ9vjE8GcYwYqXuEDKK2KhYA?testcase_id=5985899384406016
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jun 27 2016

ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5957789079306240
Fuzzer: libfuzzer_icu_uregex_open_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  icu_56::RegexCompile::minMatchLength
  icu_56::RegexCompile::compile
  icu_56::RegexPattern::compile
Minimized Testcase (0.01 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97MoFCE6HycKkZrf82L4UinOt-U-pSVKOTqBtetPwUgJw-QZGQnSqnMYtOynfjWV3WP6dJxxBgY4V6mJkR1yuh8zU7xXUe-dehPHXgwI3BH88Tn_iTyCv0sx0dMRvD0x9DyhQgsZ0yNSPgKjq5b049w79dzuw?testcase_id=5957789079306240
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jun 29 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4686187147296768
Fuzzer: libfuzzer_icu_uregex_open_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  icu_56::RegexCompile::minMatchLength
  icu_56::RegexCompile::compile
  icu_56::RegexPattern::compile
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=395640:395746
Minimized Testcase (0.01 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96xd-OqDYdPkO7H-_g8YJ17JRuJJInfaeMNlLL-QU8y_MF5dODqeKlD64NpWkw1DmFKn2DLOnGKMkDjo-FYyvHJ19zpMjZqxFoGxPdWUWf-rqHReRW4JF59Cmc3VPiW5tfSh2v_3ODEHJ9THtBT7nBbJ5HXqw?testcase_id=4686187147296768
Filer: mmoroz
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Jul 29 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5255958976790528
Fuzzer: libfuzzer_icu_uregex_open_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  icu_56::RegexCompile::minMatchLength
  icu_56::RegexCompile::compile
  icu_56::RegexPattern::compile
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=395640:395746
Minimized Testcase (0.01 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95VmDPqDDKcBij9OxpvYXmUVnaX0k3qwcsRT-Mt0FO14tseMk-WE4djnQrskCWjX4HOWAImYDJdFx6KvfVkU7qjjTiOfbaHDMeAwTHWVqkzfCcSbRQ7jih_YZmMKWJcSLyCyzYcJSCOaajelI2WbEhNtE5HQg?testcase_id=5255958976790528
Filer: mmohammad
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Aug 25 2016

ClusterFuzz has detected this issue as fixed in range 413961:414068.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4686187147296768
Fuzzer: libfuzzer_icu_uregex_open_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  icu_56::RegexCompile::minMatchLength
  icu_56::RegexCompile::compile
  icu_56::RegexPattern::compile
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=395640:395746
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=413961:414068
Minimized Testcase (0.01 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96xd-OqDYdPkO7H-_g8YJ17JRuJJInfaeMNlLL-QU8y_MF5dODqeKlD64NpWkw1DmFKn2DLOnGKMkDjo-FYyvHJ19zpMjZqxFoGxPdWUWf-rqHReRW4JF59Cmc3VPiW5tfSh2v_3ODEHJ9THtBT7nBbJ5HXqw?testcase_id=4686187147296768
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Aug 26 2016

ClusterFuzz has detected this issue as fixed in range 413961:414068.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5255958976790528
Fuzzer: libfuzzer_icu_uregex_open_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  icu_56::RegexCompile::minMatchLength
  icu_56::RegexCompile::compile
  icu_56::RegexPattern::compile
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=395640:395746
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=413961:414068
Minimized Testcase (0.01 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95VmDPqDDKcBij9OxpvYXmUVnaX0k3qwcsRT-Mt0FO14tseMk-WE4djnQrskCWjX4HOWAImYDJdFx6KvfVkU7qjjTiOfbaHDMeAwTHWVqkzfCcSbRQ7jih_YZmMKWJcSLyCyzYcJSCOaajelI2WbEhNtE5HQg?testcase_id=5255958976790528
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Aug 26 2016

ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add the ClusterFuzz-Wrong label and re-open the issue.
Aug 26 2016

Re-opening the issue as ClusterFuzz has detected the crash again; ClusterFuzz update in the next comment. Thank you.
Aug 26 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5403383794237440
Fuzzer: libfuzzer_icu_uregex_open_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  icu_56::RegexCompile::minMatchLength
  icu_56::RegexCompile::compile
  icu_56::RegexPattern::compile
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=414663:414681
Minimized Testcase (0.01 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97OHFFTRkdxgrZ7MhmnyAbhaTZPP4pEKaxUAfE8dJsS6YMwf3CsPDzxxcigctwZaokmG6QMGuYBdd4LdgpMSx49KepPHl6cec4REf5hVn3TPoy2S_vLZ-0F9iY1hbGd0bLN3DMw8NaK35tSa5CgyCJFXgGZ1Q?testcase_id=5403383794237440
Issue manually filed by: mmohammad
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Aug 27 2016

ClusterFuzz has detected this issue as fixed in range 414779:414830.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5403383794237440
Fuzzer: libfuzzer_icu_uregex_open_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  icu_56::RegexCompile::minMatchLength
  icu_56::RegexCompile::compile
  icu_56::RegexPattern::compile
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=414663:414681
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=414779:414830
Minimized Testcase (0.01 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97OHFFTRkdxgrZ7MhmnyAbhaTZPP4pEKaxUAfE8dJsS6YMwf3CsPDzxxcigctwZaokmG6QMGuYBdd4LdgpMSx49KepPHl6cec4REf5hVn3TPoy2S_vLZ-0F9iY1hbGd0bLN3DMw8NaK35tSa5CgyCJFXgGZ1Q?testcase_id=5403383794237440
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Aug 29 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5274231510401024
Fuzzer: libfuzzer_icu_uregex_open_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  icu_56::RegexCompile::minMatchLength
  icu_56::RegexCompile::compile
  icu_56::RegexPattern::compile
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=414977:414989
Minimized Testcase (0.01 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97rlHIeb4cze4WgOK9B8tfI3XaDhIAgd_G5qouZf-t8dBCdbBfaqBe9EXiF5xR5vweP1Fgm3TCTrd5bAOFgfThIRHVp_9LAvW2KNkKQZzazL0uBT9TsYJ9swQpSP3rtjzVAztFt1Stk0AbORBFUBJcJ6FSGjg?testcase_id=5274231510401024
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Aug 30 2016

ClusterFuzz has detected this issue as fixed in range 415035:415043.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5274231510401024
Fuzzer: libfuzzer_icu_uregex_open_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  icu_56::RegexCompile::minMatchLength
  icu_56::RegexCompile::compile
  icu_56::RegexPattern::compile
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=414977:414989
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=415035:415043
Minimized Testcase (0.01 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97rlHIeb4cze4WgOK9B8tfI3XaDhIAgd_G5qouZf-t8dBCdbBfaqBe9EXiF5xR5vweP1Fgm3TCTrd5bAOFgfThIRHVp_9LAvW2KNkKQZzazL0uBT9TsYJ9swQpSP3rtjzVAztFt1Stk0AbORBFUBJcJ6FSGjg?testcase_id=5274231510401024
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Sep 1 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4911864985419776
Fuzzer: libfuzzer_icu_uregex_open_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  icu_56::RegexCompile::minMatchLength
  icu_56::RegexCompile::compile
  icu_56::RegexPattern::compile
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=415587:415619
Minimized Testcase (0.01 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96H0rfTOAbBC2CBvOUJ3P2QMMMfbAAAeuBzvYSORAUVLyom6q2wiL8cTmjt8t5_jstzg-AKx-9Yr4KDC_GoJlWwfOqWCWIJk6kl-LXNetN68U3LA0fl8pp7172WizWoTfTPlwK4H1Dmqa7WEJ0G4Y48tbNmug?testcase_id=4911864985419776
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Nov 22 2016

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
May 2 2017

Bulk-WontFixing these bugs. This was a bug on the ClusterFuzz side, see bug 717534. We will start seeing new testcases auto-filed in a day or two. We can't leave these open as ClusterFuzz won't auto-verify them after the ClusterFuzz-Wrong label.
May 15 2017

ClusterFuzz has detected this issue as fixed in range 471619:471628.

Detailed report: https://clusterfuzz.com/testcase?key=4911864985419776
Fuzzer: libfuzzer_icu_uregex_open_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  icu_56::RegexCompile::minMatchLength
  icu_56::RegexCompile::compile
  icu_56::RegexPattern::compile
Sanitizer: undefined (UBSAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=415587:415619
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=471619:471628
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4911864985419776
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Sep 18 2017

We have made a bunch of changes on ClusterFuzz side, so resetting ClusterFuzz-Wrong label.
Comment 1 by mmoroz@chromium.org, Apr 7 2016
Labels: -Stability-Crash Stability-UndefinedBehaviorSanitizer
Owner: js...@chromium.org