Null-dereference READ in bool base::ContainsKey<std::__1::map<std::__1::basic_string<char, std::__1::char
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5616193540194304
Fuzzer: libFuzzer_clear_site_data_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux
Crash Type: Null-dereference READ
Crash Address: 0x000000000020
Crash State:
  bool base::ContainsKey<std::__1::map<std::__1::basic_string<char, std::__1::char
  base::CommandLine::HasSwitch
  content::ClearSiteDataThrottle::ParseHeader
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=517031:517048
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5616193540194304

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Nov 16 2017
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/69e586cb53639ea3e6f22267bde1f611fbab00de (Add the wildcard ("*") pseudo-datatype to Clear-Site-Data.). If this is incorrect, please remove the owner and apply the Test-Predator-Wrong-CLs label.
Nov 17 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/8667d1b179aa31f6a5165c2e79febae070d21597

commit 8667d1b179aa31f6a5165c2e79febae070d21597
Author: Martin Sramek <msramek@chromium.org>
Date: Fri Nov 17 16:43:03 2017

    Initialize the command line in clear_site_data_fuzzer.cc

    After https://chromium-review.googlesource.com/771890, the functionality tested by this fuzzer depends on base::CommandLine. This was not initialized in the fuzzer, making it crash.

    Bug: 786023
    Change-Id: I1c599e3231d5236b6ffb59e20373c2243ee0d026
    Reviewed-on: https://chromium-review.googlesource.com/776874
    Reviewed-by: Max Moroz <mmoroz@chromium.org>
    Commit-Queue: Martin Šrámek <msramek@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#517427}

[modify] https://crrev.com/8667d1b179aa31f6a5165c2e79febae070d21597/content/test/fuzzer/clear_site_data_fuzzer.cc
Nov 17 2017

Nov 18 2017
ClusterFuzz testcase 6517224797110272 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Nov 18 2017
ClusterFuzz has detected this issue as fixed in range 517402:517449.

Detailed report: https://clusterfuzz.com/testcase?key=5616193540194304
Fuzzer: libFuzzer_clear_site_data_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux
Crash Type: Null-dereference READ
Crash Address: 0x000000000020
Crash State:
  bool base::ContainsKey<std::__1::map<std::__1::basic_string<char, std::__1::char
  base::CommandLine::HasSwitch
  content::ClearSiteDataThrottle::ParseHeader
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=517031:517048
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=517402:517449
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5616193540194304

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Nov 20 2017
Issue 786712 has been merged into this issue.
Nov 22 2017
Comment 1 by ClusterFuzz, Nov 16 2017
Labels: Test-Predator-Auto-Components