Issue 698330 link

Starred by 1 user

Issue metadata

Status:	Duplicate
Merged:	issue 692817
Owner:	█ dominicc@chromium.org Last visit > 30 days ago
Closed:	Apr 2017
Cc:	kcc@chromium.org ddkil...@apple.com mmoroz@chromium.org █ aizatsky@chromium.org
Components:	Blink>XML
EstimatedDays:	----
NextAction:	----
OS:	Linux
Pri:	3
Type:	Bug
Stability-Crash Reproducible Stability-Memory-AddressSanitizer Stability-Memory-LeakSanitizer Stability-Libfuzzer Clusterfuzz M-58 Test-Predator-Wrong

Indirect-leak in xmlBufResize

Project Member Reported by ClusterFuzz, Mar 3 2017

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6692732333719552

Fuzzer: libfuzzer_libxml_xml_read_memory_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Indirect-leak
Crash Address: 
Crash State:
  xmlBufResize
  xmlBufAdd
  xmlStringGetNodeList
  
Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=450688:450717

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv96UzD1HSqTyEfqfF9Nx1cd7M6nNOhtPjOYaz3eGucyhA4z2Ggi_MaNTUko-J0VwM-iFgFvta6BvpEg07_EOEleQy0tZ9M0ybN4iXwQIzWMux58wKynqr4OZ-aizcUU4RHa3ectt23aNlYhKoZDxKk2XCbjQ2o6xuQ4Clw2fvhUU3mkVtsOZKr6NQDCpEFbXDcQIxM8zXda_w_WFrunj2EylftMym-6ddrkfgYBHyoEZtWphTDm6SSR5KB7oPC-GIGKGYJTnrQn8-0j2p6uYv1iyrNB3Cm5h4rwjZivv44i36zmk_oGs0JqmVU5OH1eOqBh_dEKRHYLrKp6Y-tkMnWx6_gsme4nDCFLpyQQRxs3EsxYIOGE?testcase_id=6692732333719552


Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

Comment 1 by mummare...@chromium.org, Mar 3 2017

Cc: mmoroz@chromium.org kcc@chromium.org ddkil...@apple.com aizatsky@chromium.org
Components: Blink>XML
Labels: Test-Predator-Wrong M-58
Owner: dominicc@chromium.org
Status: Assigned (was: Untriaged)

dominicc@, could you please take a look and help us to find right owner?
Thank you.

Comment 2 by dominicc@chromium.org, Apr 13 2017

Labels: -Pri-1 Pri-3

I'm guessing the regression range is wrong and it is just pointing at this:

d61bcad3017676cfbc1a53c65a51ffcef331b56e

I'm going to bump the priority down on this; leaking is not as bad as UAF which is often the alternative given the complexities of libxml2 memory management.

Comment 3 by dominicc@chromium.org, Apr 14 2017

Mergedinto: 692817
Status: Duplicate (was: Assigned)

I think this is the same root cause as  Issue 692817 .

Project Member

Comment 4 by ClusterFuzz, Jun 21 2017

ClusterFuzz has detected this issue as fixed in range 480737:480767.

Detailed report: https://clusterfuzz.com/testcase?key=6692732333719552

Fuzzer: libFuzzer_libxml_xml_read_memory_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Indirect-leak
Crash Address: 
Crash State:
  xmlBufResize
  xmlBufAdd
  xmlStringGetNodeList
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=450688:450717
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=480737:480767

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6692732333719552


See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

►

Issue 698330 link

Issue metadata

Indirect-leak in xmlBufResize

Issue description

Comment 1 by mummare...@chromium.org, Mar 3 2017

Comment 1 Deleted

Comment 2 by dominicc@chromium.org, Apr 13 2017

Comment 2 Deleted

Comment 3 by dominicc@chromium.org, Apr 14 2017

Comment 3 Deleted

Comment 4 by ClusterFuzz, Jun 21 2017

Comment 4 Deleted

Sign in to add a comment