New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 721650 link

Starred by 1 user

Issue metadata

Status: Verified
Owner:
Closed: Jul 2017
Cc:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug



Sign in to add a comment

Crash in PostDelayedTaskWithTraits

Project Member Reported by ClusterFuzz, May 12 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6391395630972928

Fuzzer: afl_net_data_job_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000000
Crash State:
  PostDelayedTaskWithTraits
  base::PostTaskWithTraits
  base::PostTaskAndReplyTaskRunner::PostTask
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=afl_chrome_asan&range=471049:471080

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6391395630972928


Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
 
Cc: msrchandra@chromium.org
Labels: Test-Predator-Wrong-CLs M-60
Owner: fdoray@chromium.org
Status: Assigned (was: Untriaged)
Predator and CL did not provide any possible suspects.
Using Code Search for the file, "post_task.cc" assigning to the concern owner.
Suspecting Commit#
https://chromium.googlesource.com/chromium/src/+/6ef24a2589286dd4939a20dc1afddf4ecd9212a0

@fdoray -- Could you please look into the issue, kindly re-assign if this is not related to your changes.
Thank You.
Project Member

Comment 2 by bugdroid1@chromium.org, Jul 25 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/d2162d46a8c23dd4334e0a526e8d0f101a9b6afc

commit d2162d46a8c23dd4334e0a526e8d0f101a9b6afc
Author: Francois Doray <fdoray@chromium.org>
Date: Tue Jul 25 17:51:48 2017

Initialize ScopedTaskEnvironment in net/base/fuzzer_test_support.cc.

NetTestSuite initializes a ScopedTaskEnvironment to allow all
//net unit tests to use the base/task_scheduler/post_task.h API.
It makes sense to do the same in //net fuzzing tests.

Bug:  721650 
Change-Id: I44039573ca26860f6b8d440bfd0bd5a438323c14
Reviewed-on: https://chromium-review.googlesource.com/549987
Reviewed-by: Eric Roman <eroman@chromium.org>
Commit-Queue: Francois Doray <fdoray@chromium.org>
Cr-Commit-Position: refs/heads/master@{#489360}
[modify] https://crrev.com/d2162d46a8c23dd4334e0a526e8d0f101a9b6afc/net/base/fuzzer_test_support.cc

Comment 3 by fdoray@chromium.org, Jul 25 2017

Status: Fixed (was: Assigned)
Project Member

Comment 4 by ClusterFuzz, Jul 26 2017

ClusterFuzz has detected this issue as fixed in range 489359:489460.

Detailed report: https://clusterfuzz.com/testcase?key=6391395630972928

Fuzzer: afl_net_data_job_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  PostDelayedTaskWithTraits
  base::PostTaskWithTraits
  base::PostTaskAndReplyTaskRunner::PostTask
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=afl_chrome_asan&range=471049:471080
Fixed: https://clusterfuzz.com/revisions?job=afl_chrome_asan&range=489359:489460

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6391395630972928


See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 5 by ClusterFuzz, Jul 26 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Fixed)
ClusterFuzz testcase 6391395630972928 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Sign in to add a comment