New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 665405 link

Starred by 1 user
Status: Fixed
Owner:
mmoroz@chromium.org
Closed: Nov 2016
Cc:
sh...@chromium.org
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug



Sign in to add a comment

Out-of-memory in sqlite3_prepare_v2_fuzzer

Project Member Reported by ClusterFuzz, Nov 15 2016 
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6668805083496448

Fuzzer: libfuzzer_sqlite3_prepare_v2_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Out-of-memory
Crash Address: 
Crash State:
  sqlite3_prepare_v2_fuzzer
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=395689:395794

Minimized Testcase (0.03 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv94kOnOToCsXRIhZD1L3FwqXrew3iKq9F0MIvpfeWfOlcRhF72EoSNgsyOabL2lMtgf_ayYbNsbfrOeemyTRl70iq_pVPOQMMqkCrFPqMkBDi1GX8l0VMzIeQbDu0zKMv2XAcgMMr4CQVJPLPN1YimqXpJgt3Q?testcase_id=6668805083496448
�SELECT printf(
'%*e`-%',2E9 )lt


Issue manually filed by: mmoroz

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

Comment 1 by mmoroz@chromium.org, Nov 15 2016

Cc: sh...@chromium.org
Owner: mmoroz@chromium.org
 Issue 657486  didn't fix all possible cases.

Comment 2 by mmoroz@chromium.org, Nov 15 2016

Status: Fixed (was: Untriaged)
https://codereview.chromium.org/2506593002/
Project Member

Comment 3 by bugdroid1@chromium.org, Nov 15 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/8b8df507bb85f8e398b6120e7bc7b3182966aaa8

commit 8b8df507bb85f8e398b6120e7bc7b3182966aaa8
Author: mmoroz <mmoroz@chromium.org>
Date: Tue Nov 15 13:52:49 2016

Add SQLITE_PRINTF_PRECISION_LIMIT=128000000 for sqlite3 fuzzer builds.

TBR=shess@chromium.org
BUG= 665405 

Review-Url: https://codereview.chromium.org/2506593002
Cr-Commit-Position: refs/heads/master@{#432172}

[modify] https://crrev.com/8b8df507bb85f8e398b6120e7bc7b3182966aaa8/third_party/sqlite/BUILD.gn
Project Member

Comment 4 by ClusterFuzz, Nov 18 2016 

ClusterFuzz has detected this issue as fixed in range 432158:432172.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6668805083496448

Fuzzer: libfuzzer_sqlite3_prepare_v2_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Out-of-memory
Crash Address: 
Crash State:
  sqlite3_prepare_v2_fuzzer
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=395689:395794
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=432158:432172

Minimized Testcase (0.03 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv94kOnOToCsXRIhZD1L3FwqXrew3iKq9F0MIvpfeWfOlcRhF72EoSNgsyOabL2lMtgf_ayYbNsbfrOeemyTRl70iq_pVPOQMMqkCrFPqMkBDi1GX8l0VMzIeQbDu0zKMv2XAcgMMr4CQVJPLPN1YimqXpJgt3Q?testcase_id=6668805083496448
�SELECT printf(
'%*e`-%',2E9 )lt


See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 5 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment