
Issue 610320

Issue metadata

Status: Fixed
Owner: ----
Closed: May 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug

Direct-leak in net::Filter::InitGZipFilter

Project Member Reported by ClusterFuzz, May 9 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4655535663611904

Fuzzer: net_url_request_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Direct-leak
Crash Address: 
Crash State:
  net::Filter::InitGZipFilter
  PrependNewFilter
  net::Filter::Factory
  

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97lkbp_xTBf9xhQzO0SfDgxj8AuqPxgPK8TTJHOtQ7kvezLoH77T1EOzeOvZUu2PA6LBgoKuYrDRm5bkrDTrsue6-e4KKjZ3gVVQ-8VkO4v2UcmF65Nt7nKqXz0U1RBN7rm6olpN2AZCuhagEqn54Qxn6am2Q


Filer: mmoroz

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
 
Cc: eroman@chromium.org kcc@chromium.org mmenke@chromium.org aizatsky@chromium.org
Looks like it shouldn't be ignored due to missing suppressions at CF side. Sorry if it is a false alarm.

To reproduce locally:
ASAN_OPTIONS=symbolize=1:detect_leaks=1 ./net_url_request_fuzzer ./4d94230b5a461b22d6e463448bf57aa9c992007a
Cc: mmoroz@chromium.org
Cc: rdsmith@chromium.org
Components: Internals>Network>Filters
Yea, this one looked weird to me.  Seems worth investigation.  The filter code is in the middle of a major refactor, though, so may be best to wait until that's ironed out.
Cc: xunji...@chromium.org

Comment 5 by eustas@chromium.org, May 24 2016

Looks like a long known bug: when unexpected encoding stacks over known encoding, all the filters in the chain are simply leaked.
See: https://codereview.chromium.org/6674042/#msg6
Matt: should we mark this as fixed? 
Bacek landed a CL on May 12 to use std::unique_ptr instead of raw pointers.
https://chromium.googlesource.com/chromium/src/+/8f371550462da10bb82a3043aaa52e07ed452b9a
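
The ownership pattern comment 5 describes, shown on a simplified stand-in (an added illustration, not Chromium's net::Filter code; the types and functions below are hypothetical). The factory prepends one filter per Content-Encoding token; when it meets a token it cannot handle, the raw-pointer version returns null and abandons the filters already built, while the std::unique_ptr version frees them on the same path. A global live-object counter stands in for LeakSanitizer so the difference is measurable:

```cpp
#include <cstdio>
#include <memory>
#include <utility>
#include <vector>

// Hypothetical, simplified stand-in for a decoding filter chain.
enum class FilterType { kGzip, kDeflate, kUnsupported };

static int g_live_filters = 0;  // filter objects alive right now (our stand-in for LSan)

static bool IsSupported(FilterType t) { return t != FilterType::kUnsupported; }

// Variant 1: raw pointers, the pre-fix shape.
struct RawFilter {
  RawFilter(FilterType t, RawFilter* n) : type(t), next(n) { ++g_live_filters; }
  ~RawFilter() { delete next; --g_live_filters; }  // deleting the head deletes the chain
  FilterType type;
  RawFilter* next;  // owned, but only by convention
};

// Returns the new chain head, or nullptr if `type` cannot be handled.
// Defect: on the nullptr path the caller's previous head is never deleted.
RawFilter* PrependNewFilterRaw(FilterType type, RawFilter* head) {
  if (!IsSupported(type)) return nullptr;
  return new RawFilter(type, head);
}

RawFilter* BuildChainRaw(const std::vector<FilterType>& encodings) {
  RawFilter* head = nullptr;
  for (FilterType t : encodings) head = PrependNewFilterRaw(t, head);  // old head dropped on failure
  return head;
}

// Variant 2: std::unique_ptr, the post-fix shape.
struct OwnedFilter {
  OwnedFilter(FilterType t, std::unique_ptr<OwnedFilter> n)
      : type(t), next(std::move(n)) { ++g_live_filters; }
  ~OwnedFilter() { --g_live_filters; }  // `next` is destroyed automatically
  FilterType type;
  std::unique_ptr<OwnedFilter> next;
};

// `head` is taken by value: if we bail out, it is destroyed on return and
// the whole chain behind it is freed with it.
std::unique_ptr<OwnedFilter> PrependNewFilterOwned(FilterType type,
                                                   std::unique_ptr<OwnedFilter> head) {
  if (!IsSupported(type)) return nullptr;
  return std::make_unique<OwnedFilter>(type, std::move(head));
}

std::unique_ptr<OwnedFilter> BuildChainOwned(const std::vector<FilterType>& encodings) {
  std::unique_ptr<OwnedFilter> head;
  for (FilterType t : encodings) head = PrependNewFilterOwned(t, std::move(head));
  return head;
}

// Each helper builds a chain, releases whatever the factory returned, and
// reports how many filter objects survived (0 means nothing leaked).
int LeakedAfterRawBuild(const std::vector<FilterType>& encodings) {
  int before = g_live_filters;
  delete BuildChainRaw(encodings);
  return g_live_filters - before;
}

int LeakedAfterOwnedBuild(const std::vector<FilterType>& encodings) {
  int before = g_live_filters;
  BuildChainOwned(encodings);  // temporary unique_ptr destroyed at end of statement
  return g_live_filters - before;
}

int main() {
  // Constructed inputs: a known encoding followed by one the factory rejects.
  std::vector<FilterType> bad = {FilterType::kGzip, FilterType::kUnsupported};
  std::vector<FilterType> good = {FilterType::kGzip, FilterType::kDeflate};
  std::printf("raw   leaked: %d (bad) %d (good)\n", LeakedAfterRawBuild(bad), LeakedAfterRawBuild(good));
  std::printf("owned leaked: %d (bad) %d (good)\n", LeakedAfterOwnedBuild(bad), LeakedAfterOwnedBuild(good));
  return 0;
}
```

With the constructed input `{kGzip, kUnsupported}` the raw variant leaves one filter alive, which is the Direct-leak the fuzzer reported; the unique_ptr variant leaves none, because the failure path cannot forget to free what it was handed. The same reasoning applies to chains of any length: every filter already on the list is reachable only through the head, so dropping the head loses all of them at once.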

Comment 7 by mmenke@chromium.org, May 24 2016

Status: Fixed (was: Available)
SGTM.  A bug should have been filed for that bug for us to mark this a duplicate of.
Project Member Comment 8 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot