Use-of-uninitialized-value in Document::MergePartialFromCodedStream
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5678673582882816

Fuzzer: libFuzzer_renderer_proto_tree_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  Document::MergePartialFromCodedStream
  google::protobuf::MessageLite::ParsePartialFromString
  protobuf_mutator::ParseBinaryMessage

Sanitizer: memory (MSAN)

Recommended Security Severity: Medium

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5678673582882816

Note: This crash might not be reproducible with the provided testcase. That said, for the past 14 days we've been seeing this crash frequently. If you are unable to reproduce this, please try a speculative fix based on the crash stacktrace in the report. The fix can be verified by looking at the crash statistics in the report, a day after the fix is deployed. If the fix resolved the issue, please close the bug by marking as Fixed.

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Comment 1 by kenrb@chromium.org, Aug 10 2017
Report contains no actionable information. Please re-open if you can provide additional details.
Aug 11 2017
Vitaly, not sure if you are a good owner, but since you've been working on libprotobuf, maybe you have some ideas on how to fix this? Please note that we don't have a single testcase to reproduce the crash, but we see it's happening every day during fuzzing.
Aug 11 2017
Security impact head, as for UNREPRODUCIBLE (actually, unreliably reproducible) bugs. Should you divine an answer to the issue by code inspection, please determine how far back the issue goes and set impact appropriately.
Aug 25 2017
vitalybuka: Uh oh! This issue is still open and hasn't been updated in the last 14 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers? If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one? If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Aug 26 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/60daf8fcc5fb49f2f6392a29b016770ef384b416

commit 60daf8fcc5fb49f2f6392a29b016770ef384b416
Author: Vitaly Buka <vitalybuka@chromium.org>
Date: Sat Aug 26 03:10:58 2017

Fix msan build of renderer_proto_tree_fuzzer

Bug: 754424
Change-Id: Ifd6c969b769bd601a7b8a91eda8007aa94e547ff
Reviewed-on: https://chromium-review.googlesource.com/636151
Reviewed-by: Max Moroz <mmoroz@chromium.org>
Commit-Queue: Max Moroz <mmoroz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#497646}

[modify] https://crrev.com/60daf8fcc5fb49f2f6392a29b016770ef384b416/content/test/fuzzer/renderer_proto_tree_fuzzer.cc
Dec 6 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot