Issue 710699 link

Starred by 1 user

Issue metadata

Status:	Duplicate
Merged:	issue 710365
Owner:	█ dominicc@chromium.org Last visit > 30 days ago
Closed:	Apr 2017
Cc:	█ msrchandra@chromium.org
Components:	Blink>XML
EstimatedDays:	----
NextAction:	----
OS:	Linux , Mac
Pri:	1
Type:	Bug
Stability-Crash Reproducible Stability-Memory-AddressSanitizer Clusterfuzz M-59 Stability-AFL Test-Predator-Wrong

Crash in xmlParsePEReference

Project Member Reported by ClusterFuzz, Apr 12 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6191517644619776

Fuzzer: afl_libxml_xml_read_memory_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x00000000005c
Crash State:
  xmlParsePEReference
  xmlParseInternalSubset
  xmlParseDocument
  
Sanitizer: address (ASAN)

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv94u474MIYyR_XqiicRfQUf6QdR-xNBjG8e5UfLZSVoVvBpkHLDn4Ew4njamE45jNl9CSpTs2IqVAcrPRtOd7UIZiU4RuxtsHvlgilWQNgdpVSuMjBspno_lqpMjQ9BmuLUNbkjlr0bW3clTBBsdIGrGUYhQIr4huiy52cSM0EU07X-FaQMBtL_bR1dL8pf3Jc3NxRnU1bPmfiRk9QhdyUDdCiT7yyr5tqnqajSZKBOsZusCt1TvyZXqRlCgEuY0vNs5fBUuU5K6ySAKCzfmFF0hVk9vF60JB_c5jIAzKSRnQaK4-kpQmc9UiPIpSa2fiSAchn4W-FOOq2XxxoUMuCSWCZvU7tMLQFozSnrKQJ-BJIHyEoE?testcase_id=6191517644619776


Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

Comment 1 by mummare...@chromium.org, Apr 12 2017

Cc: msrchandra@chromium.org
Components: Blink>XML
Labels: Test-Predator-Wrong M-59
Owner: dominicc@chromium.org
Status: Assigned (was: Untriaged)

Looks like related to  issue 710365 . assigning to dominicc@. could you please take a look and duplicate this if it is same root cause.
Thank you.

Project Member

Comment 2 by ClusterFuzz, Apr 12 2017

Labels: OS-Mac

Comment 3 by dominicc@chromium.org, Apr 12 2017

Mergedinto: 710365
Status: Duplicate (was: Assigned)

Yes, this looks like it has the same root cause. Thanks!

Project Member

Comment 4 by ClusterFuzz, Apr 12 2017

ClusterFuzz has detected this issue as fixed in range 463924:463938.

Detailed report: https://clusterfuzz.com/testcase?key=6191517644619776

Fuzzer: afl_libxml_xml_read_memory_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x00000000005c
Crash State:
  xmlParsePEReference
  xmlParseInternalSubset
  xmlParseDocument
  
Sanitizer: address (ASAN)

Fixed: https://clusterfuzz.com/revisions?job=afl_chrome_asan&range=463924:463938

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv94u474MIYyR_XqiicRfQUf6QdR-xNBjG8e5UfLZSVoVvBpkHLDn4Ew4njamE45jNl9CSpTs2IqVAcrPRtOd7UIZiU4RuxtsHvlgilWQNgdpVSuMjBspno_lqpMjQ9BmuLUNbkjlr0bW3clTBBsdIGrGUYhQIr4huiy52cSM0EU07X-FaQMBtL_bR1dL8pf3Jc3NxRnU1bPmfiRk9QhdyUDdCiT7yyr5tqnqajSZKBOsZusCt1TvyZXqRlCgEuY0vNs5fBUuU5K6ySAKCzfmFF0hVk9vF60JB_c5jIAzKSRnQaK4-kpQmc9UiPIpSa2fiSAchn4W-FOOq2XxxoUMuCSWCZvU7tMLQFozSnrKQJ-BJIHyEoE?testcase_id=6191517644619776


See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

►

Issue 710699 link

Issue metadata

Crash in xmlParsePEReference

Issue description

Comment 1 by mummare...@chromium.org, Apr 12 2017

Comment 1 Deleted

Comment 2 by ClusterFuzz, Apr 12 2017

Comment 2 Deleted

Comment 3 by dominicc@chromium.org, Apr 12 2017

Comment 3 Deleted

Comment 4 by ClusterFuzz, Apr 12 2017

Comment 4 Deleted

Sign in to add a comment