New issue
Advanced search Search tips

Issue 767023 link

Starred by 1 user

Issue metadata

Status: Duplicate
Merged: issue 773821
Owner:
Closed: Jan 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug-Security



Sign in to add a comment

Use-of-uninitialized-value in test_runner::TestRunnerForSpecificView::Reset

Project Member Reported by ClusterFuzz, Sep 20 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5291756706070528

Fuzzer: ochang_domfuzzer
Job Type: linux_msan_content_shell_drt
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address: 
Crash State:
  test_runner::TestRunnerForSpecificView::Reset
  test_runner::WebViewTestProxyBase::Reset
  test_runner::TestInterfaces::ResetAll
  
Sanitizer: memory (MSAN)

Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=linux_msan_content_shell_drt&range=390302:390312

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5291756706070528

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
 

Comment 1 by palmer@chromium.org, Sep 20 2017

Components: Test
Owner: dmazz...@chromium.org
Status: Assigned (was: Untriaged)
Potentially related to/duplicate of  Issue 766039  ?
Project Member

Comment 2 by sheriffbot@chromium.org, Sep 21 2017

Labels: M-62
Project Member

Comment 3 by sheriffbot@chromium.org, Sep 21 2017

Labels: Pri-1
Project Member

Comment 4 by ClusterFuzz, Oct 1 2017

Labels: Test-Predator-AutoComponents
Automatically applying components based on information from OWNERS files. If this seems incorrect, please apply the Test-Predator-Wrong-Components label.
Labels: -Test-Predator-AutoComponents
Project Member

Comment 6 by sheriffbot@chromium.org, Oct 5 2017

dmazzoni: Uh oh! This issue still open and hasn't been updated in the last 14 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers?

If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one?

If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started.

Thanks for your time! To disable nags, add the Disable-Nags label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 7 by sheriffbot@chromium.org, Oct 19 2017

dmazzoni: Uh oh! This issue still open and hasn't been updated in the last 28 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers?

If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one?

If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started.

Thanks for your time! To disable nags, add the Disable-Nags label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 8 by ClusterFuzz, Nov 7 2017

Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Comment 9 by palmer@chromium.org, Nov 30 2017

dmazzoni: This bug is pretty old, and we'd like to get it out of the security triage queue. Can you please confirm that this bug only appears in the test runner, and not in production Chrome? If so, we can remove it from our queue. Thank you!
Project Member

Comment 10 by sheriffbot@chromium.org, Dec 7 2017

Labels: -M-62 M-63
Labels: -Pri-1 Pri-2
Owner: palmer@chromium.org
Unfortunately I'm unable to reproduce this bug locally. I did an MSAN build and then tried to run it like this:

out/Release/content_shell --run-layout-test third_party/WebKit/LayoutTests/clusterfuzz-testcase-5291756706070528.html

I do agree that the stack trace points to a bug in test_runner, which is not severe at all. It also doesn't look like an area I'm familiar with.

In general MSAN needs some love, it's way too difficult to reproduce MSAN bugs, compared to ASAN for example - see crbug.com/786416

Cc: palmer@chromium.org
Owner: och...@chromium.org
ochang: I'm wondering if you can dig into this one a bit, since it's your fuzzer and since you might have some insight into MSan reproducibility problems?
Mergedinto: 773821
Status: Duplicate (was: Assigned)
Oops, missed this one in vacation backlog, sorry.

CF seems to have trouble reproducing this one too, but the stack looks similar to  bug 773821  which is a reproducible bad cast (but marked non-security because it's likely a bug in the test runner).
Project Member

Comment 14 by sheriffbot@chromium.org, May 26 2018

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment