Null-dereference READ in net::CryptoFramer::ProcessInput |
|||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=4726716886155264 Fuzzer: libFuzzer_net_quic_stream_factory_fuzzer Job Type: libfuzzer_chrome_ubsan Platform Id: linux Crash Type: Null-dereference READ Crash Address: 0x000000000000 Crash State: net::CryptoFramer::ProcessInput net::QuicCryptoStream::OnDataAvailable net::QuicStreamSequencer::OnStreamFrame Sanitizer: undefined (UBSAN) Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=514605:514643 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4726716886155264 Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
,
Nov 8 2017
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/3d55bbb391a5a2e7ba3dd5c083f46bfdb950adcb (Add Quic Stream Factory Fuzzer). If this is incorrect, please remove the owner and apply the Test-Predator-Wrong-CLs label.
,
Nov 8 2017
,
Nov 8 2017
Assigning to Ryan for further triage :)
,
Nov 8 2017
,
Nov 10 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/4f52f8a640b086806c9dd7c4b22778e90d57dd64 commit 4f52f8a640b086806c9dd7c4b22778e90d57dd64 Author: Ryan Hamilton <rch@chromium.org> Date: Fri Nov 10 22:31:07 2017 Set the CryptoFramer's visitor in MockCryptoClientStream. BUG= 782544 , 782562 Cq-Include-Trybots: master.tryserver.chromium.android:android_cronet_tester;master.tryserver.chromium.mac:ios-simulator-cronet Change-Id: I1d2a5c139012155465d6bda37aede0ba87a3b65a Reviewed-on: https://chromium-review.googlesource.com/764031 Reviewed-by: Zhongyi Shi <zhongyi@chromium.org> Commit-Queue: Ryan Hamilton <rch@chromium.org> Cr-Commit-Position: refs/heads/master@{#515717} [modify] https://crrev.com/4f52f8a640b086806c9dd7c4b22778e90d57dd64/net/quic/test_tools/mock_crypto_client_stream.cc
,
Nov 10 2017
,
Nov 11 2017
ClusterFuzz has detected this issue as fixed in range 515705:515744. Detailed report: https://clusterfuzz.com/testcase?key=4726716886155264 Fuzzer: libFuzzer_net_quic_stream_factory_fuzzer Job Type: libfuzzer_chrome_ubsan Platform Id: linux Crash Type: Null-dereference READ Crash Address: 0x000000000000 Crash State: net::CryptoFramer::ProcessInput net::QuicCryptoStream::OnDataAvailable net::QuicStreamSequencer::OnStreamFrame Sanitizer: undefined (UBSAN) Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=514605:514643 Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=515705:515744 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4726716886155264 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Nov 11 2017
ClusterFuzz testcase 4726716886155264 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue. |
|||||||
►
Sign in to add a comment |
|||||||
Comment 1 by mmoroz@chromium.org
, Nov 8 2017Components: Internals>Network>QUIC