Undefined-shift in felem_shrink
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5717157576441856
Fuzzer: libfuzzer_boringssl_client_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Undefined-shift
Crash Address:
Crash State:
  felem_shrink
  felem_square
  point_add
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=386932:386961
Minimized Testcase (0.66 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97_5N7wov2mgKbTaXigD6W_cGSbpOufbXm-s8iucUItC1QE5LeMPzgfL54z_bRfSbTiG1q5urjsqzSbNTwp4PXGpzZ2FjKIZCuqmejwo9fgjIPfLs3pJE9T0ntfDTVYlzZOi2dNbZY-UVBBGLFzbdBbNw6sjQ
Filer: mmoroz

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Apr 14 2016
This is more of the nonsense where C pretends it hasn't discovered two's complement yet and some of our constant-time code is unhappy. https://code.google.com/p/chromium/codesearch#chromium/src/third_party/boringssl/src/crypto/ec/p256-64.c&l=327 I suppose we could replace this with other bit tricks to shut UBSan up.
Apr 18 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6336264160149504
Fuzzer: libfuzzer_boringssl_client_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Undefined-shift
Crash Address:
Crash State:
  felem_shrink
  felem_mul
  point_add
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=386932:386961
Minimized Testcase (0.65 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94xxwUYjiQrm7RCMoqsqfpQKYkeokRXxGIT41B7dpd0QFtBTROq__za6BARGLZuwRMVzWi4ycA__WADFXPOkXR73dFCIsBvddsxGGWPbk3ugZtWFfuieFjTtAXo-rIdAiryyHDI1wDYXR2mXjLN_YswyYQf-A
Filer: mmoroz

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Apr 25 2016
The following revision refers to this bug: https://boringssl.googlesource.com/boringssl.git/+/f13444a5ad92974005df38c4344c922af2449ca3

commit f13444a5ad92974005df38c4344c922af2449ca3
Author: David Benjamin <davidben@google.com>
Date: Mon Apr 25 17:22:22 2016

Use different bit tricks to extend the LSB.

C gets grumpy when you shift into a sign bit. Replace it with a different bit trick.

BUG= chromium:603502
Change-Id: Ia4cc2e2d68675528b7c0155882ff4d6230df482b
Reviewed-on: https://boringssl-review.googlesource.com/7740
Reviewed-by: Adam Langley <agl@google.com>

[modify] https://crrev.com/f13444a5ad92974005df38c4344c922af2449ca3/crypto/ec/p256-64.c
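The Apr 14 comment and the commit message above both describe the same repair: constant-time field code needs to smear the least significant bit of a word into an all-ones or all-zeros mask, and the shift-based idiom that does this on a signed value trips UBSan because shifting a set bit into the sign position is undefined in C. The following is an added illustration, not BoringSSL's code and not the exact expression changed in p256-64.c (the diff is not on this page); the function names, the sample inputs and the `conditional_subtract` use case are all constructed for this example. It shows the defined-behaviour replacement, unsigned negation of the isolated bit, next to a branching reference used only to cross-check it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustration (not BoringSSL's code): turning the least significant bit
 * of a word into an all-ones or all-zeros mask without branching, which is what
 * constant-time reduction code such as felem_shrink needs for a conditional
 * subtract.
 *
 * The idiom UBSan reports as "undefined-shift" is the signed form of
 *     mask = (v << 63) >> 63;
 * Left-shifting a 1 into the sign bit of an int64_t is undefined behaviour in
 * C, and the right shift only smears that bit if the compiler happens to use an
 * arithmetic shift, which the standard leaves implementation-defined. Unsigned
 * arithmetic, by contrast, is defined to wrap modulo 2^64, so 0 - 1 is
 * guaranteed to be all ones. The functions below use only that property. */

/* Defined-behaviour mask: 0 if the LSB of v is clear, ~0 if it is set. */
static uint64_t extend_lsb(uint64_t v) {
  return (uint64_t)0 - (v & 1);
}

/* Same result spelled as explicit two's-complement negation (~x + 1), which is
 * also fully defined on unsigned operands. */
static uint64_t extend_lsb_alt(uint64_t v) {
  return ~(v & 1) + 1;
}

/* Branching reference implementation, used only to cross-check the masks; it is
 * not suitable for constant-time code because it branches on the secret bit. */
static uint64_t extend_lsb_ref(uint64_t v) {
  return (v & 1) ? UINT64_MAX : 0;
}

/* Typical use of the mask: subtract `modulus` from `x` only when the LSB of
 * `flag` is set, with no data-dependent branch. Caller guarantees x >= modulus
 * whenever the flag is set, as a reduction step would. */
static uint64_t conditional_subtract(uint64_t x, uint64_t modulus,
                                     uint64_t flag) {
  uint64_t mask = extend_lsb(flag);
  return x - (modulus & mask);
}

/* Runs both bit tricks over constructed edge-case inputs (both sign-bit states,
 * both LSB states) and returns 1 when they agree with the reference. */
int masks_agree(void) {
  static const uint64_t samples[] = {
      0, 1, 2, 3, 0x8000000000000000ull, 0x8000000000000001ull,
      0xfffffffffffffffeull, UINT64_MAX};
  for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
    uint64_t want = extend_lsb_ref(samples[i]);
    if (extend_lsb(samples[i]) != want || extend_lsb_alt(samples[i]) != want) {
      return 0;
    }
  }
  return 1;
}

int main(void) {
  printf("mask for LSB=1: 0x%016llx\n", (unsigned long long)extend_lsb(1));
  printf("mask for LSB=0: 0x%016llx\n", (unsigned long long)extend_lsb(2));
  printf("bit tricks agree with reference: %s\n",
         masks_agree() ? "yes" : "no");
  return 0;
}
```

Compiling this with `-fsanitize=undefined` is the practical check: the unsigned forms produce no report, whereas the commented-out signed shift would, which is exactly the class of finding the ClusterFuzz reports on this page describe.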
Apr 25 2016
Marking this as fixed, though note that ClusterFuzz won't register it until later in the week due to DEPS roll delays.
Apr 28 2016
ClusterFuzz has detected this issue as fixed in range 390114:390182.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6336264160149504
Fuzzer: libfuzzer_boringssl_client_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Undefined-shift
Crash Address:
Crash State:
  felem_shrink
  felem_mul
  point_add
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=386932:386961
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=390114:390182
Minimized Testcase (0.65 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94xxwUYjiQrm7RCMoqsqfpQKYkeokRXxGIT41B7dpd0QFtBTROq__za6BARGLZuwRMVzWi4ycA__WADFXPOkXR73dFCIsBvddsxGGWPbk3ugZtWFfuieFjTtAXo-rIdAiryyHDI1wDYXR2mXjLN_YswyYQf-A

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Apr 28 2016
ClusterFuzz has detected this issue as fixed in range 390114:390182.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5717157576441856
Fuzzer: libfuzzer_boringssl_client_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Undefined-shift
Crash Address:
Crash State:
  felem_shrink
  felem_square
  point_add
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=386932:386961
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=390114:390182
Minimized Testcase (0.66 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97_5N7wov2mgKbTaXigD6W_cGSbpOufbXm-s8iucUItC1QE5LeMPzgfL54z_bRfSbTiG1q5urjsqzSbNTwp4PXGpzZ2FjKIZCuqmejwo9fgjIPfLs3pJE9T0ntfDTVYlzZOi2dNbZY-UVBBGLFzbdBbNw6sjQ

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by mmoroz@chromium.org, Apr 14 2016
Owner: davidben@chromium.org