currentLen>=0 && currentLen < (NUMBER)
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6068904670789632

Fuzzer: libfuzzer_icu_uregex_open_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux
Crash Type: ASSERT
Crash Address:
Crash State:
  currentLen>=0 && currentLen < (NUMBER)
  icu_58::RegexCompile::minMatchLength
  icu_58::RegexCompile::compile

Minimized Testcase (0.10 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97TEMKvMdo_sy1tQw8u5NIaLKRNweF7IUClhvL41GF_lHwAfdy98XVXJtRvzFaqi0Vi9QPZoTf7d_0r1S_xDiVXw0LJ6kwObNSS0I21Rvyih-In_CN62WDyPbotM2qAjX7Dof8wacXEdXJyGk64YX6c4iM8qQ?testcase_id=6068904670789632

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Dec 14 2016
Assigning to the concern owner from find it results -- Regression information is not available. The result is the blame information.

Author: jshin@chromium.org
Project: chromium-icu
Changelist: https://chromium.googlesource.com/chromium/deps/icu.git/+/6f31ac30b9092fd02a8c97e5216cf53f3e4fae41
Time: Wed Mar 26 22:15:14 2014
The CL last changed line 3211 of file regexcmp.cpp, which is stack frame 4.

Author: jshin@chromium.org
Project: chromium-icu
Changelist: https://chromium.googlesource.com/chromium/deps/icu.git/+/6f31ac30b9092fd02a8c97e5216cf53f3e4fae41
Time: Wed Mar 26 22:15:14 2014
The CL last changed line 314 of file regexcmp.cpp, which is stack frame 5.

Author: jshin@chromium.org
Project: chromium-icu
Changelist: https://chromium.googlesource.com/chromium/deps/icu.git/+/6f31ac30b9092fd02a8c97e5216cf53f3e4fae41
Time: Wed Mar 26 22:15:14 2014
The CL last changed line 393 of file repattrn.cpp, which is stack frame 6.

Suspecting the CL -- Changelist: https://chromium.googlesource.com/chromium/deps/icu.git/+/6f31ac30b9092fd02a8c97e5216cf53f3e4fae41

@jshin -- Could you please look into the issue, kindly re-assign if this is not related to your changes. Thank You.
Dec 22 2016
Andy, could you take a look? Thanks
Jan 13 2017
Attached is a standalone program to reproduce the 'assertion trigger' (taken from icu_uregex_open_fuzzer.cc). I'll file a bug against ICU.
Jan 13 2017
Filed http://bugs.icu-project.org/trac/ticket/12930. Andy, can you take a look? Thanks!
Jan 14 2017
Yes.
Feb 10 2017
Fixed in upstream ICU. To get the patch:

svn diff --internal-diff -c 39663 http://source.icu-project.org/repos/icu/trunk/icu4c
Mar 8 2017
ClusterFuzz has detected this issue as fixed in range 455091:455226.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6068904670789632

Fuzzer: libfuzzer_icu_uregex_open_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux
Crash Type: ASSERT
Crash Address:
Crash State:
  currentLen>=0 && currentLen < (NUMBER)
  icu_58::RegexCompile::minMatchLength
  icu_58::RegexCompile::compile
Sanitizer: address (ASAN)

Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=455091:455226

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94jRfrr_tvLOYMHPj8T_hD_eDKFkVL0ta_dYLL1zMnv-MinKtNhPncRSF8SWymBkPJ3S_-OaVRU_sHE8EFjxKZTU2Whi6MtOl8lOdlE04jBwf0q11I3VoCIjEMcgxXUzG3KrShGChUJ594w7zsoy8kSfRi1jCkpN_QwUwp_SNxTdBBlyOgEiLIuuODgn1U-joYJdIIm9ZpYdgQ78sbpAlIM4y_OD3Bc7S1wjMF5eVsnK3lVvUgjQFRCcQl62VeYOL6ZeqObYqLvLncoXjEvcAfAVQkMwjSvmrUr1gBDTuvVG2KDAzkSi_X-sV76928-xvUgK2kJAYfskPBLM9ALyqIr5fvN2ZMiugnWPuaIEc19PP0f578?testcase_id=6068904670789632

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Mar 8 2017
ClusterFuzz testcase 6068904670789632 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ajha@chromium.org, Nov 18 2016