Use-of-uninitialized-value in sqlite3VdbeExec
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5708649772351488
Fuzzer: ochang_search_index_mutator
Job Type: linux_msan_chrome
Platform Id: linux
Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  sqlite3VdbeExec
  sqlite3_step
  sql::Statement::StepInternal
Sanitizer: memory (MSAN)
Recommended Security Severity: Medium
Regressed: https://clusterfuzz.com/revisions?job=linux_msan_chrome&range=463021:463085
Reproducer Testcase: https://clusterfuzz.com/download/AMIfv96SxZmXrbEpzA2iwkCxgEintPU4IEDA1PjFmTHplSNvFpGOgeQ4xu-MpwZbJp8sCQrfYSOWG5wyCN8OsR68Og0eT26rWj-s99kOk4MPB7JaYP5r4WjwM8WryxL-ZZpQHw9waH9wlp8ZBA5Wmra490MV2OoxzzobLhCtc_000Ff_IvfZOvPwIo_a9UCYqxL6urxy9MAwWw9mrpGH07BXG72O3qDBMn2fORTpLULpHMzJiWouEOsDtwv0abI3oj1-QZtNmKbPplid1nsTExAF0oziNgwgak1mSF7yzZtXrS4AbazLpcQHJxipsjvJK1rXI4OkPdRg1Grj1O_tqjkP22wQK_nbkCrv8wa5ac6vdtsWVdneibM?testcase_id=5708649772351488

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Apr 8 2017
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Apr 8 2017

Apr 10 2017
It looks like the history service is tripping up SQLite when it's adding a download to the history database. This is probably a bug in SQLite itself, but perhaps something is being set incorrectly when the download information is being passed from downloads to the history service. shaktisahu: your CL (https://crrev.com/2791453003) landed in the blame range for this and it's the only history/downloads/SQLite thing there. Do you mind investigating whether your change modifies or omits data that's sent to the history service for recording a download?
Apr 10 2017

Apr 11 2017
ClusterFuzz has detected this issue as fixed in range 463355:463374.

Detailed report: https://clusterfuzz.com/testcase?key=5708649772351488
Fuzzer: ochang_search_index_mutator
Job Type: linux_msan_chrome
Platform Id: linux
Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  sqlite3VdbeExec
  sqlite3_step
  sql::Statement::StepInternal
Sanitizer: memory (MSAN)
Recommended Security Severity: Medium
Regressed: https://clusterfuzz.com/revisions?job=linux_msan_chrome&range=463021:463085
Fixed: https://clusterfuzz.com/revisions?job=linux_msan_chrome&range=463355:463374
Reproducer Testcase: https://clusterfuzz.com/download/AMIfv96SxZmXrbEpzA2iwkCxgEintPU4IEDA1PjFmTHplSNvFpGOgeQ4xu-MpwZbJp8sCQrfYSOWG5wyCN8OsR68Og0eT26rWj-s99kOk4MPB7JaYP5r4WjwM8WryxL-ZZpQHw9waH9wlp8ZBA5Wmra490MV2OoxzzobLhCtc_000Ff_IvfZOvPwIo_a9UCYqxL6urxy9MAwWw9mrpGH07BXG72O3qDBMn2fORTpLULpHMzJiWouEOsDtwv0abI3oj1-QZtNmKbPplid1nsTExAF0oziNgwgak1mSF7yzZtXrS4AbazLpcQHJxipsjvJK1rXI4OkPdRg1Grj1O_tqjkP22wQK_nbkCrv8wa5ac6vdtsWVdneibM?testcase_id=5708649772351488

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Apr 11 2017

Apr 12 2017

Jul 18 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by sheriffbot@chromium.org, Apr 8 2017