Null-dereference READ in sh::TParseContext::addStructDeclaratorList
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5147581956227072
Fuzzer: libFuzzer_angle_translator_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  sh::TParseContext::addStructDeclaratorList
  sh::TParseContext::addStructDeclaratorListWithQualifiers
  yyparse
Sanitizer: undefined (UBSAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=525039:525066
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5147581956227072

Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Dec 20 2017
ClusterFuzz has detected this issue as fixed in range 525188:525204.

Detailed report: https://clusterfuzz.com/testcase?key=5147581956227072
Fuzzer: libFuzzer_angle_translator_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  sh::TParseContext::addStructDeclaratorList
  sh::TParseContext::addStructDeclaratorListWithQualifiers
  yyparse
Sanitizer: undefined (UBSAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=525039:525066
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=525188:525204
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5147581956227072

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Dec 20 2017
ClusterFuzz testcase 5147581956227072 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Dec 20 2017
Jamie, any idea what might have happened with this bug? When I first saw this I was worried I could have introduced a null pointer dereference with the "don't allocate name strings for empty symbols" patch, but I didn't find any issues looking through the code. Could this have been just the tool malfunctioning?
Dec 20 2017
It's not out of the question, but I suspect if the crash was reproducible it would be real. Maybe you fixed the crash with an unrelated change, or the code was reorganized so the crash would show up in a different place?
Comment 1 by ClusterFuzz, Dec 20 2017
Owner: oetu...@nvidia.com
Status: Assigned (was: Untriaged)