New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 605094 link

Starred by 0 users
Status: Duplicate
Merged: issue 603486
Owner:
dominicc@chromium.org
Last visit > 30 days ago
Closed: Apr 2016
Cc:
kcc@chromium.org
ddkil...@apple.com
mmoroz@google.com
veill...@gmail.com
scottmg@chromium.org
aizatsky@chromium.org
pranjal....@gmail.com
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug



Sign in to add a comment

Undefined-shift in T_UConverter_toUnicode_UTF32_LE

Project Member Reported by ClusterFuzz, Apr 20 2016 
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5054910244061184

Fuzzer: libfuzzer_libxml_xml_read_memory_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Undefined-shift
Crash Address: 
Crash State:
  T_UConverter_toUnicode_UTF32_LE
  _toUnicodeWithCallback
  ucnv_convertEx_56
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=386932:386961

Minimized Testcase (0.61 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97hfp2BIQDXRZC2lQquv3qBMF2cFftBZsImncPxHknqJKP_g5FT0XatLyRA_xFSqESaqE95CoXFf2zC3SAtCXNjkPSWasrUstIo0T8EL2Q5fxgEqRmf-il5efCaSfltw3M9QYOaSAQkQPd_SvckpKCfxbNz_A

Filer: mmoroz

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by mmoroz@chromium.org, Apr 20 2016

Cc: veill...@gmail.com aizatsky@chromium.org scottmg@chromium.org kcc@chromium.org pranjal....@gmail.com ddkil...@apple.com
Components: Blink>XML
Labels: -Pri-1 Pri-2
Owner: dominicc@chromium.org
Testcase attached.
fuzz-2-libxml_xml_read_memory_fuzzer
624 bytes View Download

Comment 2 by mmoroz@chromium.org, Apr 28 2016

Mergedinto: 603486
Status: Duplicate (was: Available)
Project Member

Comment 3 by ClusterFuzz, Jun 27 2016 

ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5054910244061184

Fuzzer: libfuzzer_libxml_xml_read_memory_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Undefined-shift
Crash Address: 
Crash State:
  T_UConverter_toUnicode_UTF32_LE
  _toUnicodeWithCallback
  ucnv_convertEx_56
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=386932:386961

Minimized Testcase (0.61 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97pTC3xQ7ieLAVLj6FyoY2aU6SZKE66mabLxSgFYGBKhnBZwfNBeq9r2gj42b9q50Zm3d-jL86dgkwc4B2cbR9ag7gAwiw4n7OX7W6JjWTw6i7fcUO8jiddcUQkbU59b64hEjL1FGkOkcZLRoceCzgaEkhmmA?testcase_id=5054910244061184

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 4 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment