Crash in base::debug::DebugBreak
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5598807900553216

Fuzzer: libfuzzer_net_url_request_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: UNKNOWN
Crash Address: 0x03e900001fe2
Crash State:
  base::debug::DebugBreak
  net::FilterSourceStream::DoFilterData
  net::FilterSourceStream::DoLoop

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=427323:427365

Minimized Testcase (0.04 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94zSE-kF9p7_1gvQ4OkRF574rLqBCCqAVWxIBqqpsvHWUBHN5ZIC09tYWhUPbJzb7dvT99sKKlUMTOfVlfIMIWGuIs3XPQf21Vb3IUoiwGT5YpsD3bj7qUCkPBJpFd2sCcFrhpXYhoOl1SlLRycWL67ORJwpA?testcase_id=5598807900553216

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Oct 26 2016
Thanks! I will look into it asap. cc-ing my reviewers so they know I am on it.
Oct 26 2016
The bug is in the new net::BrotliSourceStream. I will upload a fix shortly and will send it for review.
Oct 26 2016
Proposed fix https://codereview.chromium.org/2451833004
Oct 26 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/c4780eac0d48c8b57244a9cbcf8bfe7271b532f4

commit c4780eac0d48c8b57244a9cbcf8bfe7271b532f4
Author: xunjieli <xunjieli@chromium.org>
Date: Wed Oct 26 19:05:29 2016

Fix net::BrotliSourceStream to ignore trailing data.

When net::BrotliSourceStream is given a valid input but with trailing data, BrotliSourceStream will consume valid input but not the trailing data. This triggers a DCHECK in FilterSourceStream which asserts that either all bytes are consumed or bytes written is not 0.

This CL matches the original implementation (net::BrotliFilter) more closely. If there is any trailing data, the data will be ignored.

This CL adds a regression test which without the patch will trigger the DCHECK.

BUG= 659311
Review-Url: https://codereview.chromium.org/2451833004
Cr-Commit-Position: refs/heads/master@{#427770}

[modify] https://crrev.com/c4780eac0d48c8b57244a9cbcf8bfe7271b532f4/net/filter/brotli_source_stream.cc
[modify] https://crrev.com/c4780eac0d48c8b57244a9cbcf8bfe7271b532f4/net/filter/brotli_source_stream_unittest.cc
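The commit message above describes a filter-loop invariant: each pass of the filter must either drain its input or produce output, otherwise the loop can spin and the DCHECK fires. A decoder that stops at end-of-stream and leaves trailing bytes untouched violates that. The toy C++ below is an added example, not Chromium's or libbrotli's code: `ToyDecoder`, `Drain`, `DrainResult` and the `#` end-of-stream marker are all constructed here to model the behaviour, and `Drain` runs the same chunk once with the pre-fix behaviour and once with the "ignore trailing data" fix so the difference in the invariant check is visible.

```cpp
#include <cstddef>
#include <cstdio>
#include <initializer_list>
#include <string>

// Toy stand-in for the decoder behind a filter stream (constructed for this
// example; not libbrotli). It copies bytes through until it meets the
// end-of-stream marker, then reports the stream finished and refuses any
// further input, which is the property that mattered in this bug.
class ToyDecoder {
 public:
  static constexpr char kEndMarker = '#';

  // Decodes from in[pos..], appending decoded bytes to *out.
  // Returns the number of input bytes consumed (0 once the stream is finished).
  size_t Decode(const std::string& in, size_t pos, std::string* out) {
    if (finished_) return 0;
    size_t consumed = 0;
    while (pos + consumed < in.size()) {
      char byte = in[pos + consumed];
      ++consumed;
      if (byte == kEndMarker) {
        finished_ = true;
        break;
      }
      out->push_back(byte);
    }
    return consumed;
  }

  bool finished() const { return finished_; }

 private:
  bool finished_ = false;
};

struct DrainResult {
  std::string output;
  bool invariant_held;  // false: the real code would have hit the DCHECK
  int passes;           // filter calls needed to drain the chunk
};

// Models the DoLoop/DoFilterData cycle over one input chunk: call the filter
// until the chunk is drained, checking after each pass that it either consumed
// all remaining input or wrote some output. A pass that does neither would
// repeat forever, which is what the DCHECK in the commit message guards against.
// ignore_trailing=true applies the fix: once the decoder reports end of stream,
// whatever is left in the chunk is treated as consumed and dropped.
DrainResult Drain(const std::string& chunk, bool ignore_trailing) {
  ToyDecoder dec;
  DrainResult r{"", true, 0};
  size_t pos = 0;
  while (pos < chunk.size()) {
    ++r.passes;
    std::string out;
    size_t consumed = dec.Decode(chunk, pos, &out);
    if (ignore_trailing && dec.finished()) consumed = chunk.size() - pos;
    r.output += out;
    // DCHECK(all bytes consumed || bytes written != 0)
    if (consumed < chunk.size() - pos && out.empty()) {
      r.invariant_held = false;
      break;
    }
    pos += consumed;
  }
  return r;
}

int main() {
  // Constructed input: a valid stream "abc#" followed by trailing "xyz".
  const std::string input = "abc#xyz";
  for (bool fix : {false, true}) {
    DrainResult r = Drain(input, fix);
    std::printf("ignore_trailing=%d output=%s passes=%d invariant_held=%d\n",
                fix, r.output.c_str(), r.passes, r.invariant_held);
  }
  return 0;
}
```

Without the fix the second pass over `"abc#xyz"` consumes nothing and writes nothing, so the invariant check fails exactly as the DCHECK did; with the fix the trailing `xyz` is absorbed in the first pass and the loop terminates cleanly. The same holds for an empty stream with trailing data (`"#xyz"`), where the pre-fix decoder consumes one byte and writes zero.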
Oct 26 2016
Oct 27 2016
ClusterFuzz has detected this issue as fixed in range 427755:427846.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5598807900553216

Fuzzer: libfuzzer_net_url_request_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: UNKNOWN
Crash Address: 0x03e900001fe2
Crash State:
  base::debug::DebugBreak
  net::FilterSourceStream::DoFilterData
  net::FilterSourceStream::DoLoop

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=427323:427365
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=427755:427846

Minimized Testcase (0.04 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94zSE-kF9p7_1gvQ4OkRF574rLqBCCqAVWxIBqqpsvHWUBHN5ZIC09tYWhUPbJzb7dvT99sKKlUMTOfVlfIMIWGuIs3XPQf21Vb3IUoiwGT5YpsD3bj7qUCkPBJpFd2sCcFrhpXYhoOl1SlLRycWL67ORJwpA?testcase_id=5598807900553216

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by mmohammad@chromium.org, Oct 25 2016
Status: Assigned (was: Untriaged)