Use-of-uninitialized-value in __msan::MsanAllocate
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6391923901464576

Fuzzer: libfuzzer_gpu_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux
Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  __msan::MsanAllocate
  yylex_init_extra
  glslang_initialize

Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=438777:438804

Minimized Testcase (0.58 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94EXY68eTkwk6jNcXSqjdlg5QVsL2iXne3550CbAYP5VrOUwFZpIUWjtxcotprxSmCt7mhLhoFh1hcTX8RvbwIZxtBIJDLuxwryLIN8bqroAidb3LAfK_GGCPHk24g0QcTm_nDuWyJMeoF3pnwArwjsYRPX1w?testcase_id=6391923901464576

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Dec 16 2016
Issue 675066 has been merged into this issue.
Dec 16 2016
I couldn't reproduce it (the case is pretty bizarre: the msan run-time calls into a libFuzzer hook which is instrumented with msan, and so msan reads a random region of the msan shadow), but I hope llvm r289999 fixes this. Max, please update libFuzzer.
Dec 17 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/f7b34fcbff637ea27579ba666bc12a5a36cbf668

commit f7b34fcbff637ea27579ba666bc12a5a36cbf668
Author: mmoroz <mmoroz@chromium.org>
Date: Sat Dec 17 13:22:57 2016

[libfuzzer] Roll libFuzzer 4d737af..2d19afd.

https://chromium.googlesource.com/chromium/llvm-project/llvm/lib/Fuzzer/+log/4d737af..2d19afd

BUG= 675195
TBR=inferno@chromium.org,kcc@chromium.org

Review-Url: https://codereview.chromium.org/2586703002
Cr-Commit-Position: refs/heads/master@{#439340}

[modify] https://crrev.com/f7b34fcbff637ea27579ba666bc12a5a36cbf668/DEPS
Dec 17 2016
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Dec 18 2016
ClusterFuzz has detected this issue as fixed in range 439337:439343.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6391923901464576

Fuzzer: libfuzzer_gpu_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux
Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  __msan::MsanAllocate
  yylex_init_extra
  glslang_initialize

Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=438777:438804
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=439337:439343

Minimized Testcase (0.58 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94EXY68eTkwk6jNcXSqjdlg5QVsL2iXne3550CbAYP5VrOUwFZpIUWjtxcotprxSmCt7mhLhoFh1hcTX8RvbwIZxtBIJDLuxwryLIN8bqroAidb3LAfK_GGCPHk24g0QcTm_nDuWyJMeoF3pnwArwjsYRPX1w?testcase_id=6391923901464576

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Dec 18 2016
ClusterFuzz testcase 4515361421787136 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Mar 26 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by kcc@chromium.org, Dec 16 2016