Issue 644273 link

Issue metadata

Status: Verified
Owner:
Closed: Oct 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 1
Type: Bug

Crash in get

Project Member Reported by ClusterFuzz, Sep 6 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6686577764073472

Fuzzer: libfuzzer_mhtml_parser_fuzzer
Job Type: mac_libfuzzer_chrome_asan
Platform Id: mac

Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  get
  blink::ThreadState::current
  allocate<blink::MIMEHeader>
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=mac_libfuzzer_chrome_asan&range=410288:412598

Minimized Testcase (0.00 Kb): https://cluster-fuzz.appspot.com/download/AMIfv963g89F7BMkHORslNkRENTxRZEW2zM2UazblSbNI1mGBBD3dsF9ZwKBhaaeyAmuwW7tjr1DkSdMKgIZz7bd_2BYj-Mu-pqiVeVJCpsKy--8ObVX0LBH0jmFOOZyGhW6mUTLDy3f7HYAMJz29_mZZ8Es7MQOiQ?testcase_id=6686577764073472

Issue manually filed by: ashejole

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Cc: ashej...@chromium.org
Components: Tools>Test>FindIt>CorrectResult
Labels: M-55 Te-Logged
Owner: esprehn@chromium.org
Status: Assigned (was: Untriaged)
Suspected CLs

Git blame below is NOT necessarily who introduced the crash nor the owner for it. Please check the code before assigning to anyone. (No CL in the regression range changed the crashing files.)

Author: esprehn
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/4566bb7bf4a2c0d56474cd0b9e2f131df11d331d
Time: Mon Apr 04 21:38:37 2016
The CL last changed line 150 of file ThreadSpecific.h, which is stack frame 0.

Author: esprehn
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/4566bb7bf4a2c0d56474cd0b9e2f131df11d331d
Time: Mon Apr 04 21:38:37 2016
The CL last changed line 266 of file ThreadSpecific.h, which is stack frame 1.

Author: esprehn
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/4566bb7bf4a2c0d56474cd0b9e2f131df11d331d
Time: Mon Apr 04 21:38:37 2016
The CL last changed line 287 of file ThreadSpecific.h, which is stack frame 2.

Author: haraken@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/14208380a4b15c36a3a260ebc0c89a2b0e9d567e
Time: Tue Oct 14 03:24:55 2014
The CL last changed line 211 of file ThreadState.h, which is stack frame 3.

Author: sigbjornf@opera.com
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/43b9cf70c07f54f929cbe4617b6bbdbb438023b9
Time: Sun Mar 08 23:33:48 2015
The CL last changed line 567 of file Heap.h, which is stack frame 4.

Author: keishi
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/011b8046a07ac2cedde530a05f81e8fb41f80c62
Time: Thu Apr 14 14:21:40 2016
The CL last changed line 467 of file Heap.h, which is stack frame 5.

Author: sigbjornf@opera.com
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/16cd046c71c40f83d9ed1aa3fa8bfa52a3541211
Time: Mon Jun 01 15:45:58 2015
The CL last changed line 462 of file Heap.h, which is stack frame 6.

Suspected Project: chromium
-------------------------------------
Plausible offending CL: https://chromium.googlesource.com/chromium/src/+/4566bb7bf4a2c0d56474cd0b9e2f131df11d331d ?

Hey, would you mind checking the above issue and seeing if it's related to your change?
However, if it doesn't, then do help us in assigning it to the appropriate owner.

Appreciate your help.

Thank you!
Cc: esprehn@chromium.org
Components: Blink>SavePage
Owner: csharrison@chromium.org
Comment 3 by ClusterFuzz, Oct 6 2016

ClusterFuzz has detected this issue as fixed in range 423384:423408.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6686577764073472

Fuzzer: libfuzzer_mhtml_parser_fuzzer
Job Type: mac_libfuzzer_chrome_asan
Platform Id: mac

Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  get
  blink::ThreadState::current
  allocate<blink::MIMEHeader>
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=mac_libfuzzer_chrome_asan&range=410288:412598
Fixed: https://cluster-fuzz.appspot.com/revisions?job=mac_libfuzzer_chrome_asan&range=423384:423408

Minimized Testcase (0.00 Kb): https://cluster-fuzz.appspot.com/download/AMIfv963g89F7BMkHORslNkRENTxRZEW2zM2UazblSbNI1mGBBD3dsF9ZwKBhaaeyAmuwW7tjr1DkSdMKgIZz7bd_2BYj-Mu-pqiVeVJCpsKy--8ObVX0LBH0jmFOOZyGhW6mUTLDy3f7HYAMJz29_mZZ8Es7MQOiQ?testcase_id=6686577764073472

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 4 by ClusterFuzz, Oct 6 2016

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase is verified as fixed, closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 5 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot