New issue
Advanced search Search tips

Issue 786049 link

Starred by 1 user
Status: Fixed
Owner: ----
Closed: Nov 2017
Cc:
kkaluri@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Mac
Pri: 1
Type: Bug



Sign in to add a comment

Timeout in boringssl_bn_mod_exp_fuzzer

Project Member Reported by ClusterFuzz, Nov 16 2017 
Detailed report: https://clusterfuzz.com/testcase?key=4583722124050432

Fuzzer: libFuzzer_boringssl_bn_mod_exp_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Timeout (exceeds 25 secs)
Crash Address: 
Crash State:
  boringssl_bn_mod_exp_fuzzer
  
Sanitizer: address (ASAN)

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4583722124050432

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

Note: This crash might not be reproducible with the provided testcase. That said, for the past 14 days we've been seeing this crash frequently. If you are unable to reproduce this, please try a speculative fix based on the crash stacktrace in the report. The fix can be verified by looking at the crash statistics in the report, a day after the fix is deployed. We will auto-close the bug if the crash is not seen for 14 days.

Comment 1 by kkaluri@chromium.org, Nov 17 2017

Cc: kkaluri@chromium.org
Components: Blink
Labels: Test-Predator-Wrong CF-NeedsTriage
Unable to provide possible suspect using Predator, CL and Code Search.
Could someone please look into the issue.

Thank You...

Comment 2 by dtapu...@chromium.org, Nov 17 2017

Components: -Blink Internals>Network>SSL
Project Member

Comment 3 by ClusterFuzz, Nov 20 2017

Labels: OS-Mac
Project Member

Comment 4 by bugdroid1@chromium.org, Nov 28 2017 

The following revision refers to this bug:
  https://boringssl.googlesource.com/boringssl/+/fc9c67599d9bdeb2e0467085133b81a8e28f77a4

commit fc9c67599d9bdeb2e0467085133b81a8e28f77a4
Author: David Benjamin <davidben@google.com>
Date: Tue Nov 28 21:48:00 2017

Bound the input to the bn_mod_exp fuzzer.

This is not a speedy operation, so the fuzzers need a bit of help to
avoid timeouts.

Bug:  chromium:786049 
Change-Id: Ib56281b63eb6c895057f21254f0cc7c5c2d85ee4
Reviewed-on: https://boringssl-review.googlesource.com/23484
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

[modify] https://crrev.com/fc9c67599d9bdeb2e0467085133b81a8e28f77a4/fuzz/bn_mod_exp.cc

Comment 5 by davidben@chromium.org, Nov 28 2017

Status: Fixed (was: Untriaged)
This won't get picked up until the next Chromium roll, but that should hopefully do that trick.

Sign in to add a comment