Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5084044871335936
Fuzzer: libfuzzer_net_ftp_directory_listing_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  base::Time::FromExploded
  base::Time::FromLocalExploded
  net::FtpUtil::LsDateListingToTime
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=423338:423416
Minimized Testcase (8.60 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97cfjWOCl8PBVBuGQvrRS3zw5vdIqrAeJEFs862nYmIUm9IfArrl6SApQr26MWz1j34kbeIrkyFv63d7MMbAiS3R-U1EcqLTq6i8dkNQbtESsqTmAQ-tiqtgT6Rgd9jDFf98v8w2dkRIkB2Fcv2rf8081x3YA?testcase_id=5084044871335936

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
https://codereview.chromium.org/2532243005/
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/63a9a63fa1c229c3eb062ad5339984a165301384

commit 63a9a63fa1c229c3eb062ad5339984a165301384
Author: davidben <davidben@chromium.org>
Date: Tue Nov 29 20:38:31 2016

Fix more integer underflow cases in base::Time::FromExploded.

https://codereview.chromium.org/2405453002 fixed some of it, but there were still others. The subtractions to pick a different starting point for the year and month may also underflow.

BUG=668445

Review-Url: https://codereview.chromium.org/2532243005
Cr-Commit-Position: refs/heads/master@{#435073}

[modify] https://crrev.com/63a9a63fa1c229c3eb062ad5339984a165301384/base/time/time_posix.cc
[modify] https://crrev.com/63a9a63fa1c229c3eb062ad5339984a165301384/base/time/time_unittest.cc
ClusterFuzz has detected this issue as fixed in range 435009:435078.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5084044871335936
Fuzzer: libfuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  base::Time::FromExploded
  base::Time::FromLocalExploded
  net::FtpUtil::LsDateListingToTime
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=423338:423416
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=435009:435078
Minimized Testcase (8.60 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97cfjWOCl8PBVBuGQvrRS3zw5vdIqrAeJEFs862nYmIUm9IfArrl6SApQr26MWz1j34kbeIrkyFv63d7MMbAiS3R-U1EcqLTq6i8dkNQbtESsqTmAQ-tiqtgT6Rgd9jDFf98v8w2dkRIkB2Fcv2rf8081x3YA?testcase_id=5084044871335936

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 1 by ajha@chromium.org, Nov 24 2016
Labels: M-55