Author: aizatsky
Project: chromium-libfuzzer
Changelist: https://chromium.googlesource.com/chromium/llvm-project/llvm/lib/Fuzzer.git/+/6adef62758a3d1566ab36a77f4d0e1547085b80d
Time: Fri Aug 05 20:09:53 2016
File FuzzerLoop.cpp is changed in this cl (and is part of stack frame #4, "fuzzer::Fuzzer::ExecuteCallback"; frame #5, "fuzzer::Fuzzer::RunOne")
Minimum distance from crash line to modified line: 2. (file: FuzzerLoop.cpp, crashed on: 445, modified: 447).

Suspected Project: chromium-libfuzzer

aizatsky@, could you please take a look and help us to find correct owner if it is not related your changes. 

Wrong owner assignment. Mike is a memory tool author.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/39ad5ff8e03689a22f387699b595952a7dc93fda

commit 39ad5ff8e03689a22f387699b595952a7dc93fda
Author: rsesek <rsesek@chromium.org>
Date: Fri Nov 04 16:50:43 2016

Fix a null-deref in safe_browsing::dmg::UDIFParser::ParseBlkx.

The typechecking CFCast<T> returns null if the source type does not match
the destination type, but ParseBlkx was not checking the result for null.

BUG= 654926 
R=nparker@chromium.org

Review-Url: https://codereview.chromium.org/2468263003
Cr-Commit-Position: refs/heads/master@{#429918}

[modify] https://crrev.com/39ad5ff8e03689a22f387699b595952a7dc93fda/chrome/utility/safe_browsing/mac/udif.cc

ClusterFuzz has detected this issue as fixed in range 429907:429934.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5850730311450624

Fuzzer: libfuzzer_safe_browsing_dmg_fuzzer
Job Type: mac_libfuzzer_chrome_asan
Platform Id: mac

Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  CFDictionaryGetValue
  __CFData const* base::mac::GetValueFromDictionary<__CFData const*>
  safe_browsing::dmg::UDIFParser::ParseBlkx
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=mac_libfuzzer_chrome_asan&range=410288:412598
Fixed: https://cluster-fuzz.appspot.com/revisions?job=mac_libfuzzer_chrome_asan&range=429907:429934

Minimized Testcase (8.01 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95wudAGJ1ZTIAPimae7LKTNSfB2fWAgmJscNR7C9g8bb6BXZ2J3zvYCDwk2zibDYiXadWt9AmCXns-q55-ZC_12sY9hrH0iEdA2NwWPPsMiTGNMSFjtkvQgqWiWcNR_iiYZWjaArSNLXrChFTKS5UpdOGEUBw?testcase_id=5850730311450624

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot