New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 604796 link

Starred by 0 users
Status: WontFix
Owner:
js...@chromium.org
Closed: Dec 2016
Cc:
kcc@chromium.org
mmoroz@google.com
aizatsky@chromium.org
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug



Sign in to add a comment

Integer-overflow in computeYMD

Project Member Reported by ClusterFuzz, Apr 19 2016 
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4762658472984576

Fuzzer: libfuzzer_sqlite3_prepare_v2_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  computeYMD
  computeYMD_HMS
  datetimeFunc
  

Minimized Testcase (0.05 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv96KYXHeQ3Vhw41OD0_pLagO6i_9XgtaFBXxJWdNvjxNciCqtTBASoSh7HmXOgkSlH15OMfnLBbS_klWICB5lrmCgqqT8fGTiDrWHUC7EkVoRSBIZWQT_RNtLg53OhsHBNq6TH-hQz6YdhypBTK-ivK3BCHLlg

SELECT datetime( random()/800| random()| random());Q(


Filer: mmoroz

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by mmoroz@chromium.org, Apr 19 2016

Cc: kcc@chromium.org aizatsky@chromium.org
Owner: js...@chromium.org
Project Member

Comment 2 by ClusterFuzz, Apr 19 2016 

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6064432123215872

Fuzzer: libfuzzer_sqlite3_prepare_v2_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  computeYMD
  computeYMD_HMS
  strftimeFunc
  

Minimized Testcase (0.06 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv970EvMUTvZ0K7-y-0AtIYu5g7KOAnA8uyeFJovvc3Q9q6t0_Y5xav2nxzTTrt8pL2DERj1kCwSbIlWk4KdATS6MUA3zsElhdkecefvYovWzEFqYBhloe45r2RTcO5qrBpLWMvhNZNco9hiFzUUOGZ-1sXLdjA
0 DETACH 2*00<0=0-:0E-2= strftime(1,1<<31);1can11es*T]R'A


Filer: mmoroz

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Project Member

Comment 3 by ClusterFuzz, Jun 27 2016 

ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6064432123215872

Fuzzer: libfuzzer_sqlite3_prepare_v2_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  computeYMD
  computeYMD_HMS
  strftimeFunc
  

Minimized Testcase (0.06 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv96swkw9XS5TUFBrOhQN6DwFgG9Ww8eM5Mt8S8nr40XmJk8_OCvKgA6FIonrr3c_ah7fENFhZr4cG9J8GCfLWcLm7KvwE4m1jZkA5DaaLW2RbOUTl2BBejdPgSyUd3s5YY1nbSzNxhN6T0Zsd8iraCrl_3juWw?testcase_id=6064432123215872
0 DETACH 2*00<0=0-:0E-2= strftime(1,1<<31);1can11es*T]R'A


See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 4 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 5 by ClusterFuzz, Dec 22 2016

Status: WontFix (was: Available)
ClusterFuzz testcase 4762658472984576 is flaky and no longer reproduces, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Sign in to add a comment