Heap-buffer-overflow in sandbox::ActualCallParams<1ul, 1024ul>::GetSize |
Detailed report: https://clusterfuzz.com/testcase?key=5233334727999488
Fuzzer: libFuzzer_sandbox_ipc_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux
Crash Type: Heap-buffer-overflow READ 4
Crash Address: 0x60f0000004b4
Crash State:
  sandbox::ActualCallParams<1ul, 1024ul>::GetSize
  sandbox::CrossCallParamsEx::CreateFromBuffer
Sanitizer: address (ASAN)
Recommended Security Severity: Medium
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=507267:507277
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5233334727999488
Issue filed automatically.
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Oct 7 2017
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/49b21cbe24bd1c13b1a846c75f0ee0ed88e19913 (Add a fuzzer for the Windows sandbox IPC parser.). If this is incorrect, please remove the owner and apply the Test-Predator-Wrong-CLs label.
Oct 7 2017
This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it. If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 7 2017
I have a fix ready for this in https://chromium-review.googlesource.com/c/chromium/src/+/701283
Oct 7 2017
Oct 8 2017
I guess you cannot convince CF that Linux is not affected, as it is able to reproduce crash on Linux and doesn't know all the magic you've implemented in order to make it work.
Oct 9 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/56b10e3c4b3903281e410a0c99955924558d0504

commit 56b10e3c4b3903281e410a0c99955924558d0504
Author: Will Harris <wfh@chromium.org>
Date: Mon Oct 09 04:55:34 2017

Fix out-of-bounds read in sandbox broker.

It is unsafe to call GetActualBufferSize if the param count declared by the buffer makes the min_declared_size larger than the buffer size.

BUG= 772621
Cq-Include-Trybots: master.tryserver.chromium.win:win10_chromium_x64_rel_ng
Change-Id: I9d3930230442a055ac27aeafdff52d8b553ec214
Reviewed-on: https://chromium-review.googlesource.com/701283
Reviewed-by: Justin Schuh <jschuh@chromium.org>
Commit-Queue: Justin Schuh <jschuh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#507329}

[modify] https://crrev.com/56b10e3c4b3903281e410a0c99955924558d0504/sandbox/win/src/crosscall_server.cc
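The commit message above names the ordering bug: the parameter count declared in the buffer is used to locate the size field (GetActualBufferSize / GetSize) before anyone has checked that the ParamInfo entries implied by that count actually fit inside the received buffer, so a large count reads past the end of the heap allocation. The following is an added example and is not Chromium's sandbox code; the struct layouts, field names, the ipc_model namespace and the two buffer builders are assumptions made for illustration, and the size read is bounds-tracked so the overflow is reported rather than triggered:

```cpp
// Added example (not Chromium's code): a simplified model of a CrossCall-style
// IPC buffer and of the check ordering the fix describes. Layouts, names and
// the builders below are assumptions made for illustration.
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

namespace ipc_model {

struct Header {
  uint32_t tag;           // assumed: which broker call is requested
  uint32_t params_count;  // attacker-controlled: number of params claimed
};

struct ParamInfo {
  uint32_t type;
  uint32_t offset;  // entry [params_count] holds the total used size
  uint32_t size;
};

struct ParseResult {
  bool accepted = false;    // buffer passed validation
  bool oob_read = false;    // a read would have fallen outside the buffer
  size_t declared_size = 0;
};

// Byte offset of ParamInfo entry `index` within the buffer.
inline size_t InfoOffset(uint32_t index) {
  return sizeof(Header) + static_cast<size_t>(index) * sizeof(ParamInfo);
}

// Model of GetActualBufferSize()/GetSize(): read the sentinel entry's offset.
// Real code dereferences it directly; here the read is bounds-tracked so the
// example can report the overflow (ASan's "READ 4") instead of crashing.
inline uint32_t ReadDeclaredSize(const std::vector<uint8_t>& buf,
                                 uint32_t params_count, bool* oob) {
  const size_t at = InfoOffset(params_count) + offsetof(ParamInfo, offset);
  if (at + sizeof(uint32_t) > buf.size()) {
    *oob = true;
    return 0;
  }
  uint32_t v;
  std::memcpy(&v, buf.data() + at, sizeof v);
  return v;
}

inline bool ReadHeader(const std::vector<uint8_t>& buf, Header* h) {
  if (buf.size() < sizeof(Header)) return false;
  std::memcpy(h, buf.data(), sizeof(Header));
  return true;
}

inline size_t MinDeclaredSize(const Header& h) {
  return sizeof(Header) +
         (static_cast<size_t>(h.params_count) + 1) * sizeof(ParamInfo);
}

// Before the fix: the sentinel is read before min_declared is compared with
// the real buffer size, so a large params_count walks off the end.
inline ParseResult ParseUnsafe(const std::vector<uint8_t>& buf) {
  ParseResult r;
  Header h;
  if (!ReadHeader(buf, &h)) return r;
  const size_t min_declared = MinDeclaredSize(h);
  const uint32_t declared = ReadDeclaredSize(buf, h.params_count, &r.oob_read);
  if (r.oob_read) return r;
  if (declared > buf.size() || declared < min_declared) return r;
  r.accepted = true;
  r.declared_size = declared;
  return r;
}

// After the fix: reject as soon as the claimed count implies more ParamInfo
// entries than the buffer holds; nothing past the header is touched first.
inline ParseResult ParseFixed(const std::vector<uint8_t>& buf) {
  ParseResult r;
  Header h;
  if (!ReadHeader(buf, &h)) return r;
  const size_t min_declared = MinDeclaredSize(h);
  if (min_declared > buf.size()) return r;  // the added check
  const uint32_t declared = ReadDeclaredSize(buf, h.params_count, &r.oob_read);
  if (r.oob_read) return r;
  if (declared > buf.size() || declared < min_declared) return r;
  r.accepted = true;
  r.declared_size = declared;
  return r;
}

// Constructed input: a well-formed one-parameter call carrying 8 bytes of data.
inline std::vector<uint8_t> MakeValidBuffer() {
  const uint32_t params = 1, data_len = 8;
  const size_t total = InfoOffset(params + 1) + data_len;  // hdr + 2 infos + data
  std::vector<uint8_t> buf(total, 0);
  Header h{1, params};
  std::memcpy(buf.data(), &h, sizeof h);
  ParamInfo p0{1, static_cast<uint32_t>(InfoOffset(params + 1)), data_len};
  ParamInfo sentinel{0, static_cast<uint32_t>(total), 0};
  std::memcpy(buf.data() + InfoOffset(0), &p0, sizeof p0);
  std::memcpy(buf.data() + InfoOffset(1), &sentinel, sizeof sentinel);
  return buf;
}

// Constructed input: 32 bytes on the wire, but a header claiming 1000 params.
inline std::vector<uint8_t> MakeOverclaimingBuffer() {
  std::vector<uint8_t> buf(32, 0);
  Header h{1, 1000};
  std::memcpy(buf.data(), &h, sizeof h);
  return buf;
}

}  // namespace ipc_model
```

ParseUnsafe on the overclaiming buffer reports the out-of-bounds read that ASan flagged in GetSize; ParseFixed rejects the same buffer from the header alone, which is the effect the commit message describes for the check it adds in crosscall_server.cc. The general lesson for any length-prefixed IPC format is the same: validate every count or length against the bytes actually received before using it to index into the buffer.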
Oct 9 2017
ClusterFuzz has detected this issue as fixed in range 507326:507330.
Detailed report: https://clusterfuzz.com/testcase?key=5233334727999488
Fuzzer: libFuzzer_sandbox_ipc_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux
Crash Type: Heap-buffer-overflow READ 4
Crash Address: 0x60f0000004b4
Crash State:
  sandbox::ActualCallParams<1ul, 1024ul>::GetSize
  sandbox::CrossCallParamsEx::CreateFromBuffer
Sanitizer: address (ASAN)
Recommended Security Severity: Medium
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=507267:507277
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=507326:507330
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5233334727999488
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Oct 9 2017
ClusterFuzz testcase 5233334727999488 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Oct 9 2017
CF might win the battle but I win the war.
Oct 31 2017
Both regressed and fixed in M63, removing ReleaseBlock-Stable
Oct 31 2017
Nov 7 2017
Jan 15 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Mar 27 2018