Crash in URLRequestDataJobFuzzerHarness::ReadFromRequest
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4873546866360320

Fuzzer: libfuzzer_net_data_job_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: UNKNOWN
Crash Address: 0x03e9000018f6
Crash State:
  URLRequestDataJobFuzzerHarness::ReadFromRequest
  URLRequestDataJobFuzzerHarness::OnResponseStarted
  net::URLRequest::NotifyResponseStarted

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=408389:408457
Minimized Testcase (0.04 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95zyNwABKPZCY8UU6c1-yrfY5fMxkUywu-muryhFUdcvZZJvGlgVkvClB6fZRsYaSL_NWuJFoSdrS0iEjuFy9IECMzN5hrIZKZ_RCGfP_KXPgw42VUyZ1X7_c29bTffA1RsfBV8_ZQEcs7k-9P6zn3aE1j28A?testcase_id=4873546866360320

Filer: rnimmagadda

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Jul 29 2016
Adding Internals>Network. Looks like nothing in the regression range is net related, so this could possibly be me doing some async task posting wrong. I'll see if I can repro on TOTT asan. Also cc eroman, who reviewed this fuzzer :)
Jul 29 2016
This is probably due to DCHECKs being enabled on the fuzzers, rather than being a regression.
Jul 29 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/4688e186bfb90fcba1725ff713e54af756cd00e9

commit 4688e186bfb90fcba1725ff713e54af756cd00e9
Author: mmenke <mmenke@chromium.org>
Date: Fri Jul 29 21:00:26 2016

    A couple fixes to net_data_job_fuzzer.

    In particular, the code was being run on non-data URLs, which caused it to do weird and exciting things, and it had an incorrect DCHECK.

    BUG= 632605

    Review-Url: https://codereview.chromium.org/2191323005
    Cr-Commit-Position: refs/heads/master@{#408737}

[modify] https://crrev.com/4688e186bfb90fcba1725ff713e54af756cd00e9/net/url_request/url_request_data_job_fuzzer.cc
Jul 31 2016
ClusterFuzz has detected this issue as fixed in range 408457:408535.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4873546866360320

Fuzzer: libfuzzer_net_data_job_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: UNKNOWN
Crash Address: 0x03e9000018f6
Crash State:
  URLRequestDataJobFuzzerHarness::ReadFromRequest
  URLRequestDataJobFuzzerHarness::OnResponseStarted
  net::URLRequest::NotifyResponseStarted

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=408389:408457
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=408457:408535
Minimized Testcase (0.04 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95zyNwABKPZCY8UU6c1-yrfY5fMxkUywu-muryhFUdcvZZJvGlgVkvClB6fZRsYaSL_NWuJFoSdrS0iEjuFy9IECMzN5hrIZKZ_RCGfP_KXPgw42VUyZ1X7_c29bTffA1RsfBV8_ZQEcs7k-9P6zn3aE1j28A?testcase_id=4873546866360320

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage

- Your friendly Sheriffbot
Comment 1 by rnimmagadda@chromium.org, Jul 29 2016

Labels: -Pri-1 -Type-Bug M-54 Findit-for-crash Te-Logged Pri-2 Type-Bug-Regression
Owner: csharrison@chromium.org
Status: Assigned (was: Untriaged)