Detailed report: https://clusterfuzz.com/testcase?key=5667926956048384

Fuzzer: inferno_layout_test_unmodified
Job Type: mac_asan_content_shell
Platform Id: mac

Crash Type: UNKNOWN WRITE
Crash Address: 0x000000000000
Crash State:
  blink::chromiumGetLastError
  sqlite3ErrorFinish
  sqlite3VdbeTransferError

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=mac_asan_content_shell&range=458106:458162

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv94Uk2SpDAc0j1ssKbSQ1T0ZdNV7de4t0Jpb9ytMPG7fx71gLidUWnX0smKuqb_f8gmsDziIdulvux6MdMuMKLWPvboyuQGRU8U4Rx2zZbnL5YvtVYxgJO6HB77fEqYfjQ95qMuRG1tcc8sMybHrGKLau_f9x2KZnyyMJj2waa9OSKuDklE05yc4m_5v3DCLEP3Usrr7WRu0zXVMFpPtfs0FtMYuSaIAYp3i-zO1MwJDlNIHecB339foh82JAsUBC-xiEcqxLlKo2q2CrV44ExLppH32hQs0z__Gy2N4kkZnj18BagyRJyiOFMaK8Kmgr8JhVpYxkNTrQkdxJyMZk1bf54j-l5bzwJ3oTwR1K_71C4TYmxWkJBQ2Z0Fg2NnYvUe3GSsteQrT2oqiRFNN1kOjYRzrXg?testcase_id=5667926956048384

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Author: Scott Hess
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/0270407c0555655d204235d1fa39c86d453cb809
Time: Mon Mar 20 19:38:21 2017

Lines 20299-20301, 20321-20327, 27714, 27725-27737, 74052, 76555 of file sqlite3.c which potentially caused crash are changed in this cl (frame #1, "sqlite3OsGetLastError"; frame #2, "sqlite3SystemError"; frame #3, "sqlite3ErrorFinish"; frame #4, "sqlite3Error"; frame #5, "sqlite3VdbeTransferError"; frame #6, "sqlite3Step").
Minimum distance from crash line to modified line: 0. (file: sqlite3.c, crashed on: 27711, modified: 27711).

I think this is a dupe of issue 704009, but I'll leave it separate and close when I close that to make sure the automated tooling doesn't get confused.

ClusterFuzz has detected this issue as fixed in range 458746:463137.

Detailed report: https://clusterfuzz.com/testcase?key=5667926956048384

Fuzzer: inferno_layout_test_unmodified
Job Type: mac_asan_content_shell
Platform Id: mac

Crash Type: UNKNOWN WRITE
Crash Address: 0x000000000000
Crash State:
  blink::chromiumGetLastError
  sqlite3ErrorFinish
  sqlite3VdbeTransferError

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=mac_asan_content_shell&range=458106:458162
Fixed: https://clusterfuzz.com/revisions?job=mac_asan_content_shell&range=458746:463137

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv94Uk2SpDAc0j1ssKbSQ1T0ZdNV7de4t0Jpb9ytMPG7fx71gLidUWnX0smKuqb_f8gmsDziIdulvux6MdMuMKLWPvboyuQGRU8U4Rx2zZbnL5YvtVYxgJO6HB77fEqYfjQ95qMuRG1tcc8sMybHrGKLau_f9x2KZnyyMJj2waa9OSKuDklE05yc4m_5v3DCLEP3Usrr7WRu0zXVMFpPtfs0FtMYuSaIAYp3i-zO1MwJDlNIHecB339foh82JAsUBC-xiEcqxLlKo2q2CrV44ExLppH32hQs0z__Gy2N4kkZnj18BagyRJyiOFMaK8Kmgr8JhVpYxkNTrQkdxJyMZk1bf54j-l5bzwJ3oTwR1K_71C4TYmxWkJBQ2Z0Fg2NnYvUe3GSsteQrT2oqiRFNN1kOjYRzrXg?testcase_id=5667926956048384

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 1 by mummare...@chromium.org, Mar 21 2017
Owner: sh...@chromium.org
Status: Assigned (was: Untriaged)