Issue metadata
Crash in SuggestMgr::leftcommonsubstring
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6645225435168768
Fuzzer: libfuzzer_hunspell_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x000000000091
Crash State:
  SuggestMgr::leftcommonsubstring
  SuggestMgr::ngsuggest
  Hunspell::suggest
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=401846:401864
Minimized Testcase (0.03 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94DbYaxDUptpjqk3aYrHuR_7HtXSiWcEBAG5PbBVm7LZPB9hvPk5juMstAFwQIRyhFefvE-1z-Umj91iZttqlzKeeJvh5XdEfo9XS-u00S8unI1CkS_T-WnnZIR98d_bY28t-2leJtWA_seLhj6w_JvDNHtdg?testcase_id=6645225435168768
Filer: mmoroz
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Jun 29 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4698042800537600
Fuzzer: libfuzzer_hunspell_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x000000000091
Crash State:
  SuggestMgr::leftcommonsubstring
  SuggestMgr::ngsuggest
  Hunspell::suggest
Minimized Testcase (0.19 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94IzgJfuwDLUFDKESqvBjGWsaKnxlVWzFJQflAuzfqwB7dzqePKelmQukQeEMQdGksDHEVnrhC82S0QWteitSOM3sChUKH5rN3Cg9nSofcn2DK7kkGdkodi0MUYM2LbcbGQk9s9nnnQywTymX6P8GXUBmstmw?testcase_id=4698042800537600
Filer: mmoroz
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Jun 29 2016
Jun 29 2016
Jun 29 2016
Jun 30 2016
ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6645225435168768
Fuzzer: libfuzzer_hunspell_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x000000000091
Crash State:
  SuggestMgr::leftcommonsubstring
  SuggestMgr::ngsuggest
  Hunspell::suggest
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=401846:401864
Minimized Testcase (0.03 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94DbYaxDUptpjqk3aYrHuR_7HtXSiWcEBAG5PbBVm7LZPB9hvPk5juMstAFwQIRyhFefvE-1z-Umj91iZttqlzKeeJvh5XdEfo9XS-u00S8unI1CkS_T-WnnZIR98d_bY28t-2leJtWA_seLhj6w_JvDNHtdg?testcase_id=6645225435168768
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jul 6 2016
ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4698042800537600
Fuzzer: libfuzzer_hunspell_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x000000000091
Crash State:
  SuggestMgr::leftcommonsubstring
  SuggestMgr::ngsuggest
  Hunspell::suggest
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=401846:401864
Minimized Testcase (0.19 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94IzgJfuwDLUFDKESqvBjGWsaKnxlVWzFJQflAuzfqwB7dzqePKelmQukQeEMQdGksDHEVnrhC82S0QWteitSOM3sChUKH5rN3Cg9nSofcn2DK7kkGdkodi0MUYM2LbcbGQk9s9nnnQywTymX6P8GXUBmstmw?testcase_id=4698042800537600
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jul 21 2016
Aug 27 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5849359910699008
Fuzzer: libfuzzer_hunspell_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x000000000091
Crash State:
  SuggestMgr::leftcommonsubstring
  SuggestMgr::ngsuggest
  Hunspell::suggest
Minimized Testcase (0.07 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94ywQx0ZiiZoMc3GRJGX0f1E4a0fHr0y4I5WcMskmh5lsW7hsm6cDB6V11ZcURo37zB7j8y7JqtUJDJ_TvfliIZH68RnCsXZe6LLxhtvJvaekZB4UKlggqDUdMA6EM6vDzcfyqjNh5DmJcEPgQWgrG_ixxszA?testcase_id=5849359910699008
Issue manually filed by: mmoroz
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Sep 1 2016
Oct 13 2016
Nov 9 2016
Any chance to fix this? The fuzzer almost always hits this crash and has literally done nothing for the last 4 months.
Nov 9 2016
I'm not familiar with hunspell's codebase, but after a quick look it seems that the global `csconv` pointer (https://cs.chromium.org/chromium/src/third_party/hunspell/src/hunspell/suggestmgr.hxx?sq=package:chromium&type=cs&rcl=1478665324&l=45) is not initialized in some cases: https://cs.chromium.org/chromium/src/third_party/hunspell/src/hunspell/suggestmgr.cxx?q=file:src/third_party/hunspell/src/hunspell/suggestmgr.cxx+csconv&sq=package:chromium&dr=C&l=128

but then it can be used anyway: https://cs.chromium.org/chromium/src/third_party/hunspell/src/hunspell/suggestmgr.cxx?sq=package:chromium&type=cs&l=1998

Not sure if it is a bug or an incorrect usage (we do not initialize something?), but it shouldn't take much time for people familiar with hunspell. I'd recommend using some of the recent CF reports (e.g. https://cluster-fuzz.appspot.com/v2/testcase-detail/5849359910699008) to reproduce. Thanks in advance!
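The failure mode the comment above describes (a global character-conversion table pointer that is sometimes left null and then indexed) is modelled in the added example below. It is not hunspell's or Chromium's code: `CaseInfo`, `g_csconv`, `InitCaseTable`, `NearNullReadAddress` and the two `LeftCommonSubstring*` functions are hypothetical stand-ins. It shows why such a bug surfaces under ASan as an UNKNOWN READ at a tiny address (null base plus `index * sizeof(entry)`), and the hardened form that degrades to a plain byte comparison when the table has not been set up.

```cpp
// Added example, not hunspell's code. A toy "left common substring" routine
// that depends on a per-byte case-conversion table reachable through a global
// pointer, mirroring the pattern described in the comment (csconv may be null).
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <string>

// Hypothetical per-byte case-table entry (stand-in for hunspell's cs_info).
struct CaseInfo {
  unsigned char lower;
  unsigned char upper;
};

static CaseInfo g_ascii_table[256];          // constructed ASCII table
static const CaseInfo* g_csconv = nullptr;   // hypothetical global; null until initialised

// Fills the table with ASCII case folding and points g_csconv at it.
void InitCaseTable() {
  for (int i = 0; i < 256; ++i) {
    unsigned char c = static_cast<unsigned char>(i);
    g_ascii_table[i].lower = (c >= 'A' && c <= 'Z') ? static_cast<unsigned char>(c + 32) : c;
    g_ascii_table[i].upper = (c >= 'a' && c <= 'z') ? static_cast<unsigned char>(c - 32) : c;
  }
  g_csconv = g_ascii_table;
}

// Simulates the code path where initialisation never happened.
void ResetCaseTable() { g_csconv = nullptr; }

// The address g_csconv[c].lower would read when g_csconv is null: a small
// near-null value, which is why ASan reports an "UNKNOWN READ" at an address
// like 0x91 rather than a heap or stack overflow.
std::uintptr_t NearNullReadAddress(unsigned char c) {
  return static_cast<std::uintptr_t>(c) * sizeof(CaseInfo) + offsetof(CaseInfo, lower);
}

// Vulnerable form: trusts that the table exists. With g_csconv == nullptr the
// first comparison dereferences a near-null address (do not call in that state).
int LeftCommonSubstringUnchecked(const std::string& a, const std::string& b) {
  std::size_t n = 0;
  while (n < a.size() && n < b.size()) {
    unsigned char ca = static_cast<unsigned char>(a[n]);
    unsigned char cb = static_cast<unsigned char>(b[n]);
    if (g_csconv[ca].lower != g_csconv[cb].lower) break;
    ++n;
  }
  return static_cast<int>(n);
}

// Hardened form: if the table was never initialised, fall back to comparing
// raw bytes instead of indexing through a null pointer.
int LeftCommonSubstringChecked(const std::string& a, const std::string& b) {
  std::size_t n = 0;
  while (n < a.size() && n < b.size()) {
    unsigned char ca = static_cast<unsigned char>(a[n]);
    unsigned char cb = static_cast<unsigned char>(b[n]);
    unsigned char la = g_csconv ? g_csconv[ca].lower : ca;
    unsigned char lb = g_csconv ? g_csconv[cb].lower : cb;
    if (la != lb) break;
    ++n;
  }
  return static_cast<int>(n);
}

int main() {
  ResetCaseTable();
  std::cout << "null-table read of index 0x40 would touch address 0x" << std::hex
            << NearNullReadAddress(0x40) << std::dec << "\n";
  std::cout << "checked, no table:   " << LeftCommonSubstringChecked("hello", "heLp") << "\n";
  InitCaseTable();
  std::cout << "checked, with table: " << LeftCommonSubstringChecked("hello", "heLp") << "\n";
  std::cout << "unchecked, with table: " << LeftCommonSubstringUnchecked("hello", "heLp") << "\n";
  return 0;
}
```

The hardened variant is one of several reasonable fixes; the alternative the comment hints at is making sure the initialisation path always runs before `suggest` is reachable, which removes the null state instead of tolerating it.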
Dec 2 2016
Dec 14 2016
ClusterFuzz has detected this issue as fixed in range 438154:438196.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5849359910699008
Fuzzer: libfuzzer_hunspell_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x000000000091
Crash State:
  SuggestMgr::leftcommonsubstring
  SuggestMgr::ngsuggest
  Hunspell::suggest
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=401846:401864
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=438154:438196
Minimized Testcase (0.07 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94ywQx0ZiiZoMc3GRJGX0f1E4a0fHr0y4I5WcMskmh5lsW7hsm6cDB6V11ZcURo37zB7j8y7JqtUJDJ_TvfliIZH68RnCsXZe6LLxhtvJvaekZB4UKlggqDUdMA6EM6vDzcfyqjNh5DmJcEPgQWgrG_ixxszA?testcase_id=5849359910699008
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Dec 14 2016
ClusterFuzz testcase 5849359910699008 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Dec 15 2016
Mar 23 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Apr 27 2017
Comment 1 by mmoroz@chromium.org, Jun 29 2016
Labels: Pri-1
Owner: groby@chromium.org