Issue 689985 link

Starred by 2 users

Issue metadata

Status:	Duplicate
Merged:	issue 676905
Owner:	█ dominicc@chromium.org Last visit > 30 days ago
Closed:	Jul 2017
Cc:	█ nick@chromium.org
Components:	Blink>XML
EstimatedDays:	----
NextAction:	----
OS:	Linux
Pri:	2
Type:	Bug
Stability-Crash Reproducible Stability-Memory-AddressSanitizer Stability-Memory-LeakSanitizer Stability-Libfuzzer Clusterfuzz Test-Predator-Correct-CLs

Indirect-leak in storeAtts

Project Member Reported by ClusterFuzz, Feb 8 2017

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4869445584683008

Fuzzer: libfuzzer_expat_xml_parse_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Indirect-leak
Crash Address: 
Crash State:
  storeAtts
  doContent
  contentProcessor
  
Sanitizer: address (ASAN)

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv96ShmUtWi5qSAHP2xpC-l6_8GZi77Ma2EmdvTyBvFn6Nq7MMNfbaw1c-EQuIgUoeDGQFXbLlgKg-64I6TVrr8o4X_kf6Cuuq0WmrIMgO5lza_EA7cXoUIMYCaXJET3Imu2j8t0WKG_tIQQi8-28ZB3S0d3zrjoXesAaPEhb94VCiOFtUj_9i9aQ_wLZsBARkBurSnGYEHb5V6St-yU6rcy1I70HC9UWVa_tjT1cAa77HSWZGHtKe47fnqBKv9u4mYrN9m1WTyXL9mpGBzJKC6sJdnVpQr8kLM4sw6F9YxH9jACk_v04bAAl9zqziaqhDnfJhcwi6slkqWHiFqk6wvVKY93Y5IZVFM6o16V2HnN6LZNMyvVha-Gq_zScEK9XUNL9lwo8k7kPv375VMyAzTJajJF4xg?testcase_id=4869445584683008


Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

Comment 1 by msrchandra@chromium.org, Feb 8 2017

Cc: nick@chromium.org
Components: Infra>Git
Labels: Test-Predator-Correct-CLs
Owner: aizatsky@chromium.org
Status: Assigned (was: Untriaged)

Assigning to the concern owner from Find it results --
Regression information is not available. The result is the blame information. 

Author: nick@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/c0ba2a0d704149385556397589de783130ea6d2f
Time: Mon Sep 14 19:20:47 2009
The CL last changed line 3041 of file xmlparse.c, which is stack frame 1. 

Author: nick@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/c0ba2a0d704149385556397589de783130ea6d2f
Time: Mon Sep 14 19:20:47 2009
The CL last changed line 2483 of file xmlparse.c, which is stack frame 2. 

Author: dpino@igalia.com
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/f0a0972a36ba2042c41f5534cb420213dca77397
Time: Wed Feb 12 19:09:47 2014
The CL last changed line 2124 of file xmlparse.c, which is stack frame 3. 

Author: nick@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/c0ba2a0d704149385556397589de783130ea6d2f
Time: Mon Sep 14 19:20:47 2009
The CL last changed line 4035 of file xmlparse.c, which is stack frame 4. 

Author: dpino@igalia.com
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/f0a0972a36ba2042c41f5534cb420213dca77397
Time: Wed Feb 12 19:09:47 2014
The CL last changed line 3758 of file xmlparse.c, which is stack frame 5. 

Author: nick@chromium.org
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/c0ba2a0d704149385556397589de783130ea6d2f
Time: Mon Sep 14 19:20:47 2009
The CL last changed line 1651 of file xmlparse.c, which is stack frame 6. 

Author: aizatsky
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/7755511101817d4baed54f361622e3084147079f
Time: Thu Aug 11 22:08:40 2016
The CL last changed line 24 of file expat_xml_parse_fuzzer.cc, which is stack frame 7.

@aiztsky -- Could you please look into the issue, kindly re-assign if this is not related to your changes.
Thank You.

Comment 2 by mmoroz@chromium.org, Apr 21 2017

Components: -Infra>Git Blink>XML
Labels: -Pri-1 Pri-2
Owner: dominicc@chromium.org

Passing this to expat owners. I believe that we have something similar on OSS-Fuzz, maybe we'll get it fixed in the trunk soon...

Comment 3 by ta...@google.com, Jul 30 2017

Mergedinto: 676905
Status: Duplicate (was: Assigned)

This testcase now crashes with the signature in 676905

►

Issue 689985 link

Issue metadata

Indirect-leak in storeAtts

Issue description

Comment 1 by msrchandra@chromium.org, Feb 8 2017

Comment 1 Deleted

Comment 2 by mmoroz@chromium.org, Apr 21 2017

Comment 2 Deleted

Comment 3 by ta...@google.com, Jul 30 2017

Comment 3 Deleted

Sign in to add a comment