New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 666684 link

Starred by 1 user
Status: Verified
Owner:
dominicc@chromium.org
Last visit > 30 days ago
Closed: Mar 2017
Cc:
nick@chromium.org
brajkumar@chromium.org
qingche...@opera.com
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug-Regression

Blocked on:
issue 703537


Sign in to add a comment

Undefined-shift in utf8_isName3

Project Member Reported by ClusterFuzz, Nov 18 2016

Comment 1 by ajha@chromium.org, Nov 18 2016

Labels: M-55
Project Member

Comment 2 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 3 by brajkumar@chromium.org, Jan 18 2017

Cc: brajkumar@chromium.org
Labels: -Type-Bug -Pri-2 Test-Predator-Wrong Pri-1 Type-Bug-Regression
Owner: mmoroz@chromium.org
Status: Assigned (was: Untriaged)
Find it and CL did not provide any possible suspect.
Using code search for file "expat_xml_parse_fuzzer.cc" from frame #21 suspecting the below change
Review URL: https://codereview.chromium.org/2000993003

mmoroz@ - Observed some recent changes on this file so assigning to you, could you please check if this is caused with respect to your change, if not please help us in reassign the issue to the right owner.

Thanks!

Comment 4 by mmoroz@chromium.org, Jan 18 2017

Cc: nick@chromium.org
Owner: dominicc@chromium.org
Passing it over to expat owners (https://cs.chromium.org/chromium/src/third_party/expat/OWNERS).
Project Member

Comment 5 by ClusterFuzz, Mar 24 2017 

ClusterFuzz has detected this issue as fixed in range 459024:459032.

Detailed report: https://clusterfuzz.com/testcase?key=6468082152505344

Fuzzer: libfuzzer_expat_xml_parse_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Undefined-shift
Crash Address: 
Crash State:
  utf8_isName3
  normal_scanLt
  doContent
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=397275:397295
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=459024:459032

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv94Evcw9XcKsWP-GlSbix_ajS1EF0BromqN9Ky6BXgTwuDZhC6qDB9kO69sYVDoHgtMmFjV_ooqmvRV8ypcjynzGp0WMdgxMygLFLpZhHK2Llm123JC6cpFUCLjqt-RWb4CU8q-tGG--x68CkJ82BNrK_Z3F2Xm0XFBgSu-URd0RJ7B03DI1d_Lj9Gjv-nG-T1Ia4l42yMp-efvgvqSfJs22byQRX_D1A6qTWrCf4YXOrpWXCi55CRxlLCFq2Q5eWiIsy9u3V800NtVos5NQpDGejY0L8vVy6pG4ESvnNMYATMTfXz_DA_vQw-sCD24crlsizYR0ItY3IV2Dr2LMvZzS79mTO3B6omIlMChiSos4xA_GtHU?testcase_id=6468082152505344


See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 6 by ClusterFuzz, Mar 24 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 6468082152505344 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Comment 7 by dominicc@chromium.org, Mar 24 2017

Blockedon: 703537
Cc: qingche...@opera.com
qingchengl fixed this in r459025

Sign in to add a comment