Integer-overflow in sqlite3MulInt64
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5358119705640960
Fuzzer: libfuzzer_sqlite3_prepare_v2_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  sqlite3MulInt64
  sqlite3VdbeExec
  sqlite3Step
Minimized Testcase (0.03 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv97uS-CxuOUPmqcQxO7YmFz-hk6OJmMt8WICfy1Ttn-okXReDpC99XxSJ0CG1tpV6u_XzYlM58VCw277IJj-Hyz1HgLCl9AMMpk21Shwi12JUFC55006ZskXZBHFE4fV1L0E9GqrE72-qlovV_wyBRtfDosXdA (SELECT-3452005775[a]WHERE a+a*A
Filer: mmoroz
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Apr 8 2016
May 25 2016
ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5358119705640960
Fuzzer: libfuzzer_sqlite3_prepare_v2_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  sqlite3MulInt64
  sqlite3VdbeExec
  sqlite3Step
Minimized Testcase (0.03 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv97uS-CxuOUPmqcQxO7YmFz-hk6OJmMt8WICfy1Ttn-okXReDpC99XxSJ0CG1tpV6u_XzYlM58VCw277IJj-Hyz1HgLCl9AMMpk21Shwi12JUFC55006ZskXZBHFE4fV1L0E9GqrE72-qlovV_wyBRtfDosXdA (SELECT-3452005775[a]WHERE a+a*A
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
May 27 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5420459801968640
Fuzzer: libfuzzer_sqlite3_prepare_v2_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  sqlite3MulInt64
  sqlite3VdbeExec
  sqlite3Step
Minimized Testcase (0.03 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv95v806v8JFIh9-5Bb_uh7-uyM-r7D24q59UmszqiC1JY8jN3feqnLGZu8p_LSCvPLI605qaqQzqfFpwSqgKUJyIMatev13cshdiePM0Xxdq32rYfySx_32N75xycaA8ZNl-b8GeTJCbg7LaETGBEepg3G-Z9A (SELECT 3452005775[a]WHERE a+a*A
Filer: mmoroz
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Jun 27 2016
ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5420459801968640
Fuzzer: libfuzzer_sqlite3_prepare_v2_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  sqlite3MulInt64
  sqlite3VdbeExec
  sqlite3Step
Minimized Testcase (0.03 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv97AqGU2RhTcDLwi25neWIGo0Z6sWPhUY_fKjsUsQiDaGHbuELWupFZzRsKM4u-9nOrLhFRgHAZNsd3inckHIvtXOajCyQ3OUpYVrEBWuQbDEWCbFutlwUna_MByM-xRlMWKVBEo6QNLisgESF6JmrQduXmUfA?testcase_id=5420459801968640 (SELECT 3452005775[a]WHERE a+a*A
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jun 29 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4666706840780800
Fuzzer: libfuzzer_sqlite3_prepare_v2_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  sqlite3MulInt64
  sqlite3VdbeExec
  sqlite3Step
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=395640:395746
Minimized Testcase (0.03 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv97BwZlMTHLuvMDumTMcA-ZomqleFYrNSsFp1Al2SmGIHy9wKSe_I9kd_cygviBW1gHheyzZvJ6gP7yd1_RqLDi9Y7CUK6hUpSGWTa-8IduKMW4qyWIFkxQAZfPfz6VUOSnk24aKn1n5PdyNLWlcYpnfldSRwg?testcase_id=4666706840780800 (SELECT 3452005775[a]WHERE a+a*A
Filer: mmoroz
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Jul 29 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6599490379448320
Fuzzer: libfuzzer_sqlite3_prepare_v2_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  sqlite3MulInt64
  sqlite3VdbeExec
  sqlite3Step
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=395640:395746
Minimized Testcase (0.03 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv97ptaj1TUxpzuzkYzSGj5t7wMK3YMWvAQm1BHLBhclmcJbA_r7XeqzWTfKLUtbvzTrpkwvd1E3O4iNxE9Wz2HYW_envbL2ooEe2vQOLY4ZfU9XL_RHBiTwi151u9-fF3QxJR-xY-hUXbGWEGf4nDnOAewdgqA?testcase_id=6599490379448320 (SELECT 3452005775[a]WHERE a+a*A
Filer: rnimmagadda
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Jul 29 2016
Also, suspecting:
Author: delcypher
Project: chromium-libfuzzer
Changelist: https://chromium.googlesource.com/chromium/llvm-project/llvm/lib/Fuzzer.git/+/c84c7383e7b76dd6e3258ca5e5df4584b57d2297
Time: Thu May 19 22:00:33 2016
Lines 441-447 of file FuzzerLoop.cpp which potentially caused crash are changed in this cl (frame #6, "fuzzer::Fuzzer::RunOne").
Minimum distance from crash line to modified line: 0. (file: FuzzerLoop.cpp, crashed on: 441, modified: 441).
Jul 29 2016
Gentle ping. @jshin: Could you please provide an update on this issue? Thank you.
Aug 25 2016
ClusterFuzz has detected this issue as fixed in range 413961:414068.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6599490379448320
Fuzzer: libfuzzer_sqlite3_prepare_v2_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  sqlite3MulInt64
  sqlite3VdbeExec
  sqlite3Step
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=395640:395746
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=413961:414068
Minimized Testcase (0.03 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv97ptaj1TUxpzuzkYzSGj5t7wMK3YMWvAQm1BHLBhclmcJbA_r7XeqzWTfKLUtbvzTrpkwvd1E3O4iNxE9Wz2HYW_envbL2ooEe2vQOLY4ZfU9XL_RHBiTwi151u9-fF3QxJR-xY-hUXbGWEGf4nDnOAewdgqA?testcase_id=6599490379448320 (SELECT 3452005775[a]WHERE a+a*A
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Aug 25 2016
ClusterFuzz has detected this issue as fixed in range 413961:414068.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4666706840780800
Fuzzer: libfuzzer_sqlite3_prepare_v2_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  sqlite3MulInt64
  sqlite3VdbeExec
  sqlite3Step
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=395640:395746
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=413961:414068
Minimized Testcase (0.03 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv97BwZlMTHLuvMDumTMcA-ZomqleFYrNSsFp1Al2SmGIHy9wKSe_I9kd_cygviBW1gHheyzZvJ6gP7yd1_RqLDi9Y7CUK6hUpSGWTa-8IduKMW4qyWIFkxQAZfPfz6VUOSnk24aKn1n5PdyNLWlcYpnfldSRwg?testcase_id=4666706840780800 (SELECT 3452005775[a]WHERE a+a*A
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Aug 25 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5434888906080256
Fuzzer: libfuzzer_sqlite3_prepare_v2_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  sqlite3MulInt64
  sqlite3VdbeExec
  sqlite3Step
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=414214:414310
Minimized Testcase (0.03 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv97XAOBqwH5-najSjw5hSC2tahU20KPboqRVe5OkUhxauQe7Am7a4bbJn-Wx7bon40fr3L59fb0hKUMRd9R0JkWPSgwSjLOnzXKoNV7_AADleQa7BcP3Kc3GSuMkxRlbhF-2eVfpokj6VSGkWiHKZI1nVP1VCA?testcase_id=5434888906080256 (SELECT 3452005775[a]WHERE a+a*A
Issue manually filed by: mmohammad
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Aug 26 2016
ClusterFuzz has detected this issue as fixed in range 414399:414444.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5434888906080256
Fuzzer: libfuzzer_sqlite3_prepare_v2_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  sqlite3MulInt64
  sqlite3VdbeExec
  sqlite3Step
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=414214:414310
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=414399:414444
Minimized Testcase (0.03 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv97XAOBqwH5-najSjw5hSC2tahU20KPboqRVe5OkUhxauQe7Am7a4bbJn-Wx7bon40fr3L59fb0hKUMRd9R0JkWPSgwSjLOnzXKoNV7_AADleQa7BcP3Kc3GSuMkxRlbhF-2eVfpokj6VSGkWiHKZI1nVP1VCA?testcase_id=5434888906080256 (SELECT 3452005775[a]WHERE a+a*A
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Aug 26 2016
ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Aug 26 2016
Re-opening the issue as ClusterFuzz has detected the crash again; ClusterFuzz update in the next comment. Thank you.
Aug 26 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5237939238076416
Fuzzer: libfuzzer_sqlite3_prepare_v2_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  sqlite3MulInt64
  sqlite3VdbeExec
  sqlite3Step
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=414663:414681
Minimized Testcase (0.03 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv95Oh-GjR0pa4r55eU3wa4gJS57x9jriQsEe1YNb58VXJIK9rSZxglTrOHotFATz7EYvjHfC2oZHP-IIDqKptCw5UM69xvlLFf0YygeYLajsEpizAnCWwT_6d18mclbZmI1xHupJMqRe4c4lo8-mDL0npRdg-Q?testcase_id=5237939238076416 (SELECT-3452005775[a]WHERE a+a*A
Issue manually filed by: mmohammad
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Aug 27 2016
ClusterFuzz has detected this issue as fixed in range 414779:414830.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5237939238076416
Fuzzer: libfuzzer_sqlite3_prepare_v2_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  sqlite3MulInt64
  sqlite3VdbeExec
  sqlite3Step
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=414663:414681
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=414779:414830
Minimized Testcase (0.03 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv95Oh-GjR0pa4r55eU3wa4gJS57x9jriQsEe1YNb58VXJIK9rSZxglTrOHotFATz7EYvjHfC2oZHP-IIDqKptCw5UM69xvlLFf0YygeYLajsEpizAnCWwT_6d18mclbZmI1xHupJMqRe4c4lo8-mDL0npRdg-Q?testcase_id=5237939238076416 (SELECT-3452005775[a]WHERE a+a*A
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Sep 9 2016
Sorry that I haven't responded sooner. It's related to ICU in sqlite.
Sep 20 2016
jshin: You sure? Looks like |SELECT 3452005775*3452005775| is an integer overflow. I need to parse out what's happening, though. The value is less than 2^32, but sqlite3 command-line gives -<many digits>, so it's possible that it's a conversion error. Checking with a new version of sqlite, just in case.
Sep 20 2016
Yeah, sqlite3MulInt64() tries to detect overflow by whether the inputs are set in bit 32 or higher, but overflow can also happen for 31-bit values (notably sqrt(2^63)+1 is within 32 bits). I have an email out to sqlite core, while I let my brain work out the right bits to check.
Sep 20 2016
https://www.sqlite.org/src/info/1ec41379c9c1e400 I don't think there's right bits to check. The code in question is approximately right for unsigned integers, but signed integers aren't going to work that way. I'm kinda wondering if it's a case where it's easiest to assume 2s-complement, and do the work in the unsigned realm. That said ... given the usage of the code in question, it's not obvious where the undefined-ness of signed integer overflow can lead anywhere interesting. Due to the inputs coming via the virtual machine, it's pretty unlikely to be noticed as actionable by the compiler, even with inlining, even with really extensive inlining. But YMMV.
Sep 28 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/1459ddc66690416d9538693972ceb82c4772fc01

commit 1459ddc66690416d9538693972ceb82c4772fc01
Author: shess <shess@chromium.org>
Date: Wed Sep 28 15:22:29 2016

[backport] Address integer overflow in sqlite3MulInt64.

SQLite check-in http://www.sqlite.org/src/info/db3ebd7c52cfc5fc
"Improved implementation of 64-bit signed integer multiply that correctly detects overflow (and promotes to floating-point) in some corner cases. Fix for ticket [1ec41379c9c1e400]" http://www.sqlite.org/src/info/1ec41379c9c1e400"

BUG= 601727
Review-Url: https://codereview.chromium.org/2370463002
Cr-Commit-Position: refs/heads/master@{#421522}

[modify] https://crrev.com/1459ddc66690416d9538693972ceb82c4772fc01/third_party/sqlite/amalgamation/sqlite3.c
[add] https://crrev.com/1459ddc66690416d9538693972ceb82c4772fc01/third_party/sqlite/patches/0014-backport-Address-integer-overflow-in-sqlite3MulInt64.patch
[modify] https://crrev.com/1459ddc66690416d9538693972ceb82c4772fc01/third_party/sqlite/src/src/util.c
[modify] https://crrev.com/1459ddc66690416d9538693972ceb82c4772fc01/third_party/sqlite/src/test/expr.test
Sep 28 2016
Fixed AFAICT. Now SELECT 3452005775*3452005775 returns 1.1916343870633351e+19.
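An added illustration of the point shess makes in the Sep 20 comments and of the behaviour described for the fix (this is example code written for this page, not code from SQLite, Chromium or the thread): a "both operands fit in 32 bits, so the product is safe" heuristic is wrong for operands at or above sqrt(2^63), while a check that multiplies in the unsigned domain (where wraparound is defined) and verifies the result by dividing back catches every case, and can then promote to floating point exactly as the thread reports for SELECT 3452005775*3452005775. The exact shape of the heuristic, the function and struct names, and the assumption that the unsigned-to-signed conversion is two's-complement modulo 2^64 (as gcc and clang implement it) are this example's own assumptions.

```c
#include <stdint.h>
#include <stdio.h>

typedef int64_t i64;

/* Result of a checked multiply: overflow == 1 means the product does not fit
 * in a signed 64-bit integer and value is meaningless. */
typedef struct { int overflow; i64 value; } MulResult;

/* Numeric result after promotion: promoted == 1 means the integer product did
 * not fit and the value was computed in double instead. */
typedef struct { int promoted; double value; } NumResult;

/* Flawed heuristic in the spirit of the thread's description (assumed shape,
 * not SQLite's source): if neither operand has a bit set at position 32 or
 * above, assume the 64-bit product cannot overflow. Negative operands have
 * the sign bits set and are simply refused by this version. The multiply is
 * done on uint64_t so wraparound is defined behaviour, which also means a
 * UBSan build reports nothing: the wrong answer is returned silently. */
static MulResult mul_i64_bit32_heuristic(i64 a, i64 b) {
    MulResult res = { 0, 0 };
    uint64_t ua = (uint64_t)a, ub = (uint64_t)b;
    if ((ua >> 32) != 0 || (ub >> 32) != 0) {
        res.overflow = 1;            /* conservatively "may overflow" */
        return res;
    }
    res.value = (i64)(ua * ub);      /* wrong once the true product > INT64_MAX */
    return res;
}

/* Correct check. The wrapped product r differs from the true product a*b by a
 * multiple of 2^64, and 2^64 exceeds any |b|, so for nonzero b the identity
 * r / b == a holds exactly when no overflow occurred. INT64_MIN * -1 (2^63)
 * is the one pair the division itself cannot handle and is special-cased. */
static MulResult mul_i64_checked(i64 a, i64 b) {
    MulResult res = { 0, 0 };
    if (a == 0 || b == 0) {
        return res;                  /* product is 0, never overflows */
    }
    if ((a == INT64_MIN && b == -1) || (b == INT64_MIN && a == -1)) {
        res.overflow = 1;
        return res;
    }
    i64 r = (i64)((uint64_t)a * (uint64_t)b);   /* two's-complement wrap assumed */
    if (r / b != a) {
        res.overflow = 1;
        return res;
    }
    res.value = r;
    return res;
}

/* The behaviour the fix is described as having: keep the exact integer when
 * it fits, otherwise promote to floating point rather than returning a
 * wrapped integer. */
static NumResult mul_i64_or_double(i64 a, i64 b) {
    NumResult out = { 0, 0.0 };
    MulResult m = mul_i64_checked(a, b);
    if (!m.overflow) {
        out.value = (double)m.value;
        return out;
    }
    out.promoted = 1;
    out.value = (double)a * (double)b;
    return out;
}

int main(void) {
    /* Constructed inputs: the thread's testcase value, and sqrt(2^63)+1,
     * the smallest 32-bit-sized value whose square does not fit. */
    const i64 x = 3452005775LL;
    const i64 y = 3037000500LL;
    MulResult h = mul_i64_bit32_heuristic(x, x);
    printf("heuristic: %lld * %lld -> overflow=%d value=%lld (wrapped, wrong)\n",
           (long long)x, (long long)x, h.overflow, (long long)h.value);
    printf("checked:   %lld * %lld -> overflow=%d\n",
           (long long)x, (long long)x, mul_i64_checked(x, x).overflow);
    printf("checked:   %lld * %lld -> overflow=%d\n",
           (long long)y, (long long)y, mul_i64_checked(y, y).overflow);
    NumResult n = mul_i64_or_double(x, x);
    printf("promoted:  %.17g (promoted=%d)\n", n.value, n.promoted);
    return 0;
}
```

The heuristic path accepts 3452005775 * 3452005775 and hands back a negative number, which is how the fuzzer's testcase showed up as "-<many digits>" in the thread; the checked version flags it, and 3037000499 * 3037000499 (just under 2^63) still goes through exactly. The point of doing the arithmetic on uint64_t is the one shess raises: wraparound there is defined, so the detection logic can reason about the wrapped value instead of relying on behaviour the compiler is free to discard.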
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Sep 18 2017
We have made a bunch of changes on ClusterFuzz side, so resetting ClusterFuzz-Wrong label.
Comment 1 by mmoroz@chromium.org, Apr 8 2016
Labels: -Stability-Crash
Owner: js...@chromium.org