
Issue 648060


Issue metadata

Status: Fixed
Owner:
Closed: Oct 2016
Cc:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug




false. failed to open UTS46 data with error: 4 in url_canon_icu.cc

Reported by ClusterFuzz (Project Member), Sep 18 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5675168699777024

Fuzzer: libfuzzer_stylesheet_contents_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  false. failed to open UTS46 data with error: 4 in url_canon_icu.cc
  url::IDNToASCII
  url::DoIDNHost
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=417838:417842

Minimized Testcase (2.00 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95lqdkACb5wB1T3zvUbvutxOPiJO_8uCBuQqc8a0RrZGk66ygnhOS72gqCpjaiPV3jAF1T0Dt-9QdJGFuV_GoIvrBlnfqRlXzN8W0YCaQqPj3GMgl0QhLbETmwKHPkuqjZ8oG88kv39C4SjdQQx8hDMIu1K9A?testcase_id=5675168699777024

Additional requirements: Requires Gestures

Issue manually filed by: mmoroz

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

Comment 1 by mmoroz@chromium.org, Sep 18 2016

Cc: mmoroz@chromium.org kcc@chromium.org ellyjo...@chromium.org aizatsky@chromium.org
Owner: js...@chromium.org
We've seen this issue several times found by different fuzzers. ellyjones@ suggested that we are missing some initialization stuff (https://bugs.chromium.org/p/chromium/issues/detail?id=640029#c2).

jshin@, would you mind taking a look and suggesting what could lead to this error?

Comment 2 by js...@chromium.org, Sep 27 2016

ellyjones@ is right about that. 

You need to load the ICU data file from the disk. Otherwise, ICU will not have any data to process IDN. 

Where is your fuzzing code? 

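The point jshin@ makes in comment 2, shown as an added example that is not part of this bug thread and is not Chromium's or ICU's code: a libFuzzer-shaped harness in which the data load happens exactly once, in LLVMFuzzerInitialize, rather than being left to each test input. The ICU calls are replaced by stand-ins (fake_icu::LoadCommonData, fake_icu::OpenUts46, a toy IDNToASCII), all constructed for illustration; the only value taken from the report is the error number 4, which in real ICU is U_FILE_ACCESS_ERROR and is what an open returns when no data file has been loaded. The real fix lives in the support file named in comment 6 and is not reproduced here.

```cpp
// Added example (not Chromium's or ICU's code): a libFuzzer-shaped harness
// that loads its IDN data once, before any input is processed. Every name
// below is a stand-in constructed for illustration; the only value taken
// from the crash report is the error number 4.
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <string>

namespace fake_icu {

// Stand-ins for ICU status codes; 4 is the value shown in the report
// (U_FILE_ACCESS_ERROR in real ICU).
constexpr int kZeroError = 0;
constexpr int kFileAccessError = 4;

// Process-wide "common data", the role icudtl.dat plays in Chromium.
struct CommonData {
  bool loaded = false;
};

CommonData& Data() {
  static CommonData d;
  return d;
}

// Stand-in for pointing ICU at its data file. Constructed: any non-empty
// path "succeeds"; no file is actually read.
bool LoadCommonData(const char* path) {
  if (path == nullptr || path[0] == '\0') return false;
  Data().loaded = true;
  return true;
}

// Stand-in for uidna_openUTS46(): with no data there is nothing to open,
// and the status code says so instead of crashing.
bool OpenUts46(int* status) {
  if (!Data().loaded) {
    *status = kFileAccessError;
    return false;
  }
  *status = kZeroError;
  return true;
}

}  // namespace fake_icu

struct IdnResult {
  bool ok;
  int error;
  std::string ascii;
};

// Stand-in for url::IDNToASCII. In Chromium a failed open is a CHECK (the
// crash in this report); here it is surfaced as a status so the harness and
// its test can observe the difference between "before" and "after" init.
IdnResult IDNToASCII(const std::string& host) {
  int status = 0;
  if (!fake_icu::OpenUts46(&status)) return {false, status, ""};
  // Toy mapping standing in for UTS46 processing: lower-case ASCII letters,
  // reject anything outside printable ASCII (error stays 0: bad input, not
  // missing data).
  std::string out;
  out.reserve(host.size());
  for (unsigned char c : host) {
    if (c < 0x21 || c > 0x7e) return {false, fake_icu::kZeroError, ""};
    out.push_back((c >= 'A' && c <= 'Z') ? static_cast<char>(c + 32)
                                         : static_cast<char>(c));
  }
  return {true, fake_icu::kZeroError, out};
}

// One-time initialization shared by every fuzzer that links this file. This
// is the shape of the fix: the harness, not each input, loads the data, and
// it does so exactly once (libFuzzer calls LLVMFuzzerInitialize once at
// startup; the guard keeps repeated calls harmless).
bool g_init_done = false;
bool g_init_ok = false;

extern "C" int LLVMFuzzerInitialize(int* /*argc*/, char*** /*argv*/) {
  if (!g_init_done) {
    // Constructed path; a real harness locates the data next to the binary.
    g_init_ok = fake_icu::LoadCommonData("icudtl.dat");
    g_init_done = true;
  }
  return 0;
}

extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  std::string host = size ? std::string(reinterpret_cast<const char*>(data), size)
                          : std::string();
  IdnResult r = IDNToASCII(host);
  // Error 4 here means the harness itself is misconfigured (data never
  // loaded), which is the failure this bug is about; abort so it is not
  // mistaken for an input-dependent finding.
  if (!r.ok && r.error == fake_icu::kFileAccessError) std::abort();
  return 0;
}
```

Before LLVMFuzzerInitialize has run, IDNToASCII reports error 4 for any input; afterwards the same input converts. A fuzzer that only ever sees the first state looks like it found a crash on every input, which is exactly the symptom in the crash state above.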
Comment 3 by mmoroz@google.com, Sep 28 2016

Thanks jshin@. For this particular fuzzer the code is: https://cs.chromium.org/chromium/src/third_party/WebKit/Source/core/css/StyleSheetContentsFuzzer.cpp

Another fuzzer triggering the same crash is: https://cs.chromium.org/chromium/src/net/base/parse_data_url_fuzzer.cc

Comment 4

Cc: js...@chromium.org
Owner: csharrison@chromium.org
Status: Started (was: Untriaged)
I will take ownership here; bugs with this trace should be duped to this one.

Comment 5

Cc: timloh@chromium.org csharrison@chromium.org
Issue 644667 has been merged into this issue.

Comment 6 by bugdroid1@chromium.org (Project Member), Oct 19 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/b9b0496081edf4e7d3de04d49b32113a13a9d3f3

commit b9b0496081edf4e7d3de04d49b32113a13a9d3f3
Author: csharrison <csharrison@chromium.org>
Date: Wed Oct 19 16:27:55 2016

Ensure ICU initialization for blink libfuzzers

BUG=648060

Review-Url: https://chromiumcodereview.appspot.com/2433123002
Cr-Commit-Position: refs/heads/master@{#426218}

[modify] https://crrev.com/b9b0496081edf4e7d3de04d49b32113a13a9d3f3/third_party/WebKit/Source/platform/testing/BlinkFuzzerTestSupport.cpp

Comment 7

Status: Fixed (was: Started)
Should be fixed.

Comment 8 by sheriffbot@chromium.org (Project Member), Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
