
Issue 802134


Issue metadata

Status: WontFix
Owner:
Closed: Apr 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Mac
Pri: 2
Type: Bug




Timeout in web_icon_sizes_fuzzer

Project Member Reported by ClusterFuzz, Jan 16 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5262472935374848

Fuzzer: libFuzzer_web_icon_sizes_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Timeout (exceeds 25 secs)
Crash Address: 
Crash State:
  web_icon_sizes_fuzzer
  
Sanitizer: memory (MSAN)

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5262472935374848

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

Note: This crash might not be reproducible with the provided testcase. That said, for the past 14 days we've been seeing this crash frequently. If you are unable to reproduce this, please try a speculative fix based on the crash stacktrace in the report. The fix can be verified by looking at the crash statistics in the report, a day after the fix is deployed. We will auto-close the bug if the crash is not seen for 14 days.
 
Project Member

Comment 1 by ClusterFuzz, Jan 16 2018

Labels: OS-Mac
Cc: brajkumar@chromium.org
Components: Blink>Infra
Labels: Test-Predator-Wrong CF-NeedsTriage
Unable to perform code search since no '.cc' or '.cpp' files are available in the stack trace and no CL file is available to find the suspect, hence adding the appropriate label and marking it as untriaged.

Thanks!

Comment 3 by foolip@chromium.org, Jan 24 2018

Components: -Blink>Infra Blink>HTML>Link
brajkumar@, Blink>Infra doesn't seem appropriate as a fallback label to me. While it has a lot to do with tests (especially LayoutTests), unless there's a suspicion that the infra itself is the cause of the problem, the component for the suspect feature seems better. Going with Blink>HTML>Link since the fuzzer seems to be for an attribute there:
https://chromium.googlesource.com/chromium/src/+/7cb9eb91d815ce294fdb7b82ef401c653064695e

Comment 4 by tkent@chromium.org, Jan 26 2018

Owner: zqzh...@chromium.org
Status: Assigned (was: Untriaged)
Labels: -Pri-1 Pri-2
Owner: mlamouri@chromium.org
Sorry I no longer work on Chrome except for a very specific part. In WebIconSizesParser, the pointer increments by 1 for every loop iteration, and I don't think the test will timeout for a 1MB input. Verified locally and can't repro.

We could limit the maximum input length for WebIconSizesParser. I'm leaning towards closing this bug. Re-assigning to mlamouri@.
Status: WontFix (was: Assigned)
We are closing all OOMs and timeouts that are unreproducible. We won't be filing such bugs in future.
Project Member

Comment 7 by ClusterFuzz, Apr 24 2018

Labels: Needs-Feedback
ClusterFuzz testcase 5262472935374848 is still reproducing on tip-of-tree build (trunk).

If this testcase was not reproducible locally or unworkable, ignore this notification and we will file another bug soon with hopefully a better and workable testcase.

Otherwise, if this is not intended to be fixed (e.g. this is an intentional crash), please add ClusterFuzz-Ignore label to prevent future bug filing with similar crash stacktrace.
Cc: zqzh...@chromium.org
Issue 838555 has been merged into this issue.
