
Issue 603496

Issue metadata

Status: WontFix
Merged: issue 790944
Owner:
Closed: May 2017
Cc:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug




Undefined-shift in ucnv_UTF8FromUTF8

Project Member Reported by ClusterFuzz, Apr 14 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6156286340628480

Fuzzer: libfuzzer_libxml_xml_read_memory_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Undefined-shift
Crash Address: 
Crash State:
  ucnv_UTF8FromUTF8
  ucnv_convertEx_56
  xmlUconvWrapper
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=386932:386961

Minimized Testcase (0.03 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95VeFtwWeG9N56nwGWK2skkTR9lx2xv8xtyygJdqRFsmH4pZ7RxtV_ZQwggCnV4bQiRrD3yukMYZk8cVGldl3Rh-Xkz5NnhWT3y0XVuyxN7kvpWuV4AVWOdZe2j1YzRj4BuadKHhMGxkUtWmsv9fRl6-PzgNw

Filer: mmoroz

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 

Comment 1 by mmoroz@chromium.org, Apr 14 2016

Cc: kcc@chromium.org aizatsky@chromium.org
Owner: js...@chromium.org

Comment 2 by ClusterFuzz, Jun 27 2016

ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6156286340628480

Fuzzer: libfuzzer_libxml_xml_read_memory_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Undefined-shift
Crash Address: 
Crash State:
  ucnv_UTF8FromUTF8
  ucnv_convertEx_56
  xmlUconvWrapper
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=386932:386961

Minimized Testcase (0.03 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95C9XMk7EAF0TCpGw4ybYVPsnGaYnezmHYRsqUq5nBYJjuhzIBEBNMpCnVwMMVspAZDNPUzVLEsriy53_f_x6UWS8X0PnTBF_SGOTZ_XL1mDOLNvNROd--Wp8IT49pZER5qlsbsYVmPA_SiPagG7oH8Bh_JTA?testcase_id=6156286340628480

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 3 by ClusterFuzz, Jun 29 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5538479471853568

Fuzzer: libfuzzer_libxml_xml_read_memory_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Undefined-shift
Crash Address: 
Crash State:
  ucnv_UTF8FromUTF8
  ucnv_convertEx_56
  xmlUconvWrapper
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=395640:395746

Minimized Testcase (0.03 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95Ph3-nfC_tv19OWg7jreyrKPRe16Sdmr5-i1WuCld1MB9kayb4OWA_XVoL4o14L-Xrp7jdnn3zE4GQTxZfYOqj3RH6yGNhYVsVprDTvqKBP28VRN8obw1zRowcKdDpfSQ9O6Oxe0pesJY6mz8Hf-SjoRzKKA?testcase_id=5538479471853568

Filer: mmoroz

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

Comment 4 by ClusterFuzz, Jul 29 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5039071516950528

Fuzzer: libfuzzer_libxml_xml_read_memory_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Undefined-shift
Crash Address: 
Crash State:
  ucnv_UTF8FromUTF8
  ucnv_convertEx_56
  xmlUconvWrapper
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=395640:395746

Minimized Testcase (0.03 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94TOQH8P1frMyVUSOKkg8DB2Z86o-ac0Q316Ak8Sp6LhmYNQhij659fJIN4pxrrxOLMRHSM7AFD0JyZmARAOGZo_zwNaTBCg7yAFQ0o_1iQu1L1i3efcPI4ATRPcfebGOZTr-LyuuSWXRSrFNsekopubRCfBA?testcase_id=5039071516950528

Filer: rnimmagadda

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Gentle Ping.

@jshin: Could you please provide an update on this issue?

Thank you.

Comment 6 by ClusterFuzz, Aug 25 2016

ClusterFuzz has detected this issue as fixed in range 413961:414068.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5538479471853568

Fuzzer: libfuzzer_libxml_xml_read_memory_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Undefined-shift
Crash Address: 
Crash State:
  ucnv_UTF8FromUTF8
  ucnv_convertEx_56
  xmlUconvWrapper
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=395640:395746
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=413961:414068

Minimized Testcase (0.03 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95Ph3-nfC_tv19OWg7jreyrKPRe16Sdmr5-i1WuCld1MB9kayb4OWA_XVoL4o14L-Xrp7jdnn3zE4GQTxZfYOqj3RH6yGNhYVsVprDTvqKBP28VRN8obw1zRowcKdDpfSQ9O6Oxe0pesJY6mz8Hf-SjoRzKKA?testcase_id=5538479471853568

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 7 by ClusterFuzz, Aug 25 2016

ClusterFuzz has detected this issue as fixed in range 413961:414068.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5039071516950528

Fuzzer: libfuzzer_libxml_xml_read_memory_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Undefined-shift
Crash Address: 
Crash State:
  ucnv_UTF8FromUTF8
  ucnv_convertEx_56
  xmlUconvWrapper
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=395640:395746
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=413961:414068

Minimized Testcase (0.03 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94TOQH8P1frMyVUSOKkg8DB2Z86o-ac0Q316Ak8Sp6LhmYNQhij659fJIN4pxrrxOLMRHSM7AFD0JyZmARAOGZo_zwNaTBCg7yAFQ0o_1iQu1L1i3efcPI4ATRPcfebGOZTr-LyuuSWXRSrFNsekopubRCfBA?testcase_id=5039071516950528

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 8 by ClusterFuzz, Aug 25 2016

Labels: ClusterFuzz-Verified
Status: Verified (was: Available)
ClusterFuzz testcase is verified as fixed, closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Labels: ClusterFuzz-Wrong
Status: Assigned (was: Verified)
Re-opening the issue as ClusterFuzz has detected the crash again; ClusterFuzz update in the next comment. Thank you.

Comment 10 by ClusterFuzz, Aug 25 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6199240126889984

Fuzzer: libfuzzer_libxml_xml_read_memory_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Undefined-shift
Crash Address: 
Crash State:
  ucnv_UTF8FromUTF8
  ucnv_convertEx_56
  xmlUconvWrapper
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=414214:414310

Minimized Testcase (0.03 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97MduN2-wZRGI-GVpHiWa42__tc_jAsE-varm26H-SqrzrVbpE3_TjPJunwZHwuc5HhNOg7IUuvZZPGHk_CQeMLwFw1tfLwaFXZKIhEX4_8EJhkN_5R8IEa0-rLJn-TFrdZGPAtEZkl8-AlMTigTT4j2Jzt2Q?testcase_id=6199240126889984

Issue manually filed by: mmohammad

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

Comment 11 by ClusterFuzz, Aug 26 2016

ClusterFuzz has detected this issue as fixed in range 414399:414444.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6199240126889984

Fuzzer: libfuzzer_libxml_xml_read_memory_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Undefined-shift
Crash Address: 
Crash State:
  ucnv_UTF8FromUTF8
  ucnv_convertEx_56
  xmlUconvWrapper
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=414214:414310
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=414399:414444

Minimized Testcase (0.03 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97MduN2-wZRGI-GVpHiWa42__tc_jAsE-varm26H-SqrzrVbpE3_TjPJunwZHwuc5HhNOg7IUuvZZPGHk_CQeMLwFw1tfLwaFXZKIhEX4_8EJhkN_5R8IEa0-rLJn-TFrdZGPAtEZkl8-AlMTigTT4j2Jzt2Q?testcase_id=6199240126889984

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 12 by ClusterFuzz, Aug 26 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5050976795099136

Fuzzer: libfuzzer_libxml_xml_read_memory_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Undefined-shift
Crash Address: 
Crash State:
  ucnv_UTF8FromUTF8
  ucnv_convertEx_56
  xmlUconvWrapper
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=414663:414681

Minimized Testcase (0.03 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96v22nYTJjP5GKKC1MEntof5-s1CvcGn5r31DoFbr_BoHRvuxo59xnXIPe1iXVKkrCC5pACVqURfQ87Nmm7Lta-_Bk2-JA1P4otzSZ7hLRVbTM4iEWQLRh4vRkhXTgl6hiufNFuWBNAED2i34md8IAFEMwk4Q?testcase_id=5050976795099136

Issue manually filed by: mmohammad

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

Comment 13 by ClusterFuzz, Aug 27 2016

ClusterFuzz has detected this issue as fixed in range 414779:414830.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5050976795099136

Fuzzer: libfuzzer_libxml_xml_read_memory_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Undefined-shift
Crash Address: 
Crash State:
  ucnv_UTF8FromUTF8
  ucnv_convertEx_56
  xmlUconvWrapper
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=414663:414681
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=414779:414830

Minimized Testcase (0.03 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96v22nYTJjP5GKKC1MEntof5-s1CvcGn5r31DoFbr_BoHRvuxo59xnXIPe1iXVKkrCC5pACVqURfQ87Nmm7Lta-_Bk2-JA1P4otzSZ7hLRVbTM4iEWQLRh4vRkhXTgl6hiufNFuWBNAED2i34md8IAFEMwk4Q?testcase_id=5050976795099136

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 14 by ClusterFuzz, Aug 30 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6531160199135232

Fuzzer: libfuzzer_libxml_xml_read_memory_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Undefined-shift
Crash Address: 
Crash State:
  ucnv_UTF8FromUTF8
  ucnv_convertEx_56
  xmlUconvWrapper
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=414977:414989

Minimized Testcase (0.03 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96zcy2V9kpMYVvDXnPWhKjt2r0YadmHSSO56lnYnUe15WB2G-e8BRhMmfxoxZduvXBcH6QnzpTV7yS-EG9fhjufbjLYLjze9BsglcReKXK7F39X4OQ4f5VHJ9ePPUtEc00ehZZIm49zMgX7a4hk5qlYpp56xg?testcase_id=6531160199135232

Additional requirements: Requires Gestures

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

Comment 15 by ClusterFuzz, Aug 30 2016

ClusterFuzz has detected this issue as fixed in range 415035:415043.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6531160199135232

Fuzzer: libfuzzer_libxml_xml_read_memory_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Undefined-shift
Crash Address: 
Crash State:
  ucnv_UTF8FromUTF8
  ucnv_convertEx_56
  xmlUconvWrapper
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=414977:414989
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=415035:415043

Minimized Testcase (0.03 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96zcy2V9kpMYVvDXnPWhKjt2r0YadmHSSO56lnYnUe15WB2G-e8BRhMmfxoxZduvXBcH6QnzpTV7yS-EG9fhjufbjLYLjze9BsglcReKXK7F39X4OQ4f5VHJ9ePPUtEc00ehZZIm49zMgX7a4hk5qlYpp56xg?testcase_id=6531160199135232

Additional requirements: Requires Gestures

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 16 by ClusterFuzz, Aug 31 2016


Comment 17 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Status: WontFix (was: Assigned)
Bulk-WontFixing these bugs. This was a bug on the ClusterFuzz side, see bug 717534. We will start seeing new testcases auto-filed in a day or two. We can't leave these open as ClusterFuzz won't auto-verify them after the ClusterFuzz-Wrong label.

Comment 19 by ClusterFuzz, May 15 2017

ClusterFuzz has detected this issue as fixed in range 471619:471628.

Detailed report: https://clusterfuzz.com/testcase?key=5592577317535744

Fuzzer: libfuzzer_libxml_xml_read_memory_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Undefined-shift
Crash Address: 
Crash State:
  ucnv_UTF8FromUTF8
  ucnv_convertEx_56
  xmlCharEncFirstLineInput
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=415587:415619
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=471619:471628

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5592577317535744


See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Labels: -ClusterFuzz-Wrong
We have made a bunch of changes on ClusterFuzz side, so resetting ClusterFuzz-Wrong label.

Comment 21 by js...@chromium.org, Dec 19 2017

Mergedinto: 790944
Status: Duplicate (was: WontFix)

Comment 22 by js...@chromium.org, Dec 21 2017

Status: WontFix (was: Duplicate)
ICU's UTF8 conversion routine changed in ICU 60 and I can't reproduce this one any more.

Even though the top of the stack for bug 790944 is identical to this one, bug 790944 is different from this one. So, unduping it.
