Issue 806896

Issue metadata

Status: WontFix
Owner:
Closed: Dec 1
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug
Abrt in google_breakpad::PrintStackMachineReadable

Project Member Reported by ClusterFuzz, Jan 29 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6275281757929472

Fuzzer: libFuzzer_minidump_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: Abrt
Crash Address: 0x03e900005d72
Crash State:
  google_breakpad::PrintStackMachineReadable
  google_breakpad::PrintProcessStateMachineReadable
  PrintMinidumpProcess
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=510445:510468

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6275281757929472

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Comment 1 by ClusterFuzz, Jan 29 2018

Labels: Test-Predator-Auto-Owner
Owner: lgrey@chromium.org
Status: Assigned (was: Untriaged)
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/d7ebcbcf5f4b8eeec191a1bb8e68d3b67f6d3b8d (Explicitly add signature and header in minidump fuzzer).

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.

Comment 2 by ClusterFuzz, Jan 29 2018

Components: Internals>CrashReporting
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Comment 3 by lgrey@chromium.org, Jan 29 2018

Cc: mark@chromium.org
mark@ this seems more or less inevitable to me when fuzzing. Is an attacker being able to crash Breakpad (or would it be the entire browser?) by causing a malformed minidump to be processed something we should mitigate against at the minidump processing level?

Comment 4 by mark@chromium.org, Jan 30 2018

Yes, absolutely.

Comment 5 by mark@chromium.org, Jan 30 2018

Cc: ivanpe@chromium.org
To be clear, the thing that we’re concerned about here is a malformed minidump trashing server-side processing. This report (and other things involving malformed minidumps) don’t really have much or any client-side impact.

Comment 6 by lgrey@chromium.org, Jan 30 2018

So would the right move here be to replace the asserts with early exits?

Comment 7 by mark@chromium.org, Jan 30 2018

Oh, wait, this is an assert?

That’s basically OK. I thought that this was an “organic” crash.

Comment 8 by mark@chromium.org, Jan 30 2018

(from a security impact perspective, at least.)

Comment 10 by mark@chromium.org, Jan 30 2018

Aha. That’s trivially easy to hit. It doesn’t take much to construct a minidump that results in an empty code_file.

Since it’s actually happening right in the “print” function, it doesn’t actually affect production use. In production, the processor library cranks out the stackwalk, but doesn’t do any printing. While I don’t have any problems leaving the assert in place particularly in this case, we could also drop the assert and just allow the empty string to pass.
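The two options weighed in this thread, keeping an assert on a field the input controls versus letting an empty code_file through, are illustrated below with an added, self-contained example. It is not Breakpad's code: the Frame struct, the pipe-separated column layout and the function names (FrameLineAsserting, FrameLineTolerant, PrintStackTolerant, EscapeField, DemoOutput) are assumptions made for this example, and the sample frames are constructed. The point it shows is the one from comments 6 and 10: a debug assert on untrusted data turns a malformed dump into an abort, whereas emitting the empty column keeps the processor running and still prints the whole stack.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// Constructed stand-in for one stack frame recovered from a minidump. It is
// not google_breakpad::StackFrame; only the fields the example needs exist.
struct Frame {
  std::string code_file;  // module path for the PC; empty for a malformed dump
  std::string function;   // symbolized name; may also be empty
  uint64_t instruction;   // program counter
};

// Escape the column separator so a module path or symbol taken from the dump
// cannot inject extra columns into the machine-readable output.
std::string EscapeField(const std::string& field) {
  std::string out;
  for (char c : field) {
    if (c == '|' || c == '\\') out.push_back('\\');
    out.push_back(c);
  }
  return out;
}

// "Before": an assert on a field that the input controls. On a dump with an
// empty code_file this aborts the process, which is the Abrt in the report.
// Kept only for contrast with the tolerant version below.
std::string FrameLineAsserting(int thread, size_t index, const Frame& f) {
  assert(!f.code_file.empty() && "code_file must not be empty");
  std::ostringstream line;
  line << thread << '|' << index << '|' << f.code_file << '|' << f.function
       << "|0x" << std::hex << f.instruction;
  return line.str();
}

// "After": the alternative from comment 10. An empty code_file is emitted as an
// empty column; the dump is still fully printed and nothing aborts.
std::string FrameLineTolerant(int thread, size_t index, const Frame& f) {
  std::ostringstream line;
  line << thread << '|' << index << '|' << EscapeField(f.code_file) << '|'
       << EscapeField(f.function) << "|0x" << std::hex << f.instruction;
  return line.str();
}

// Render every frame of one thread with the tolerant formatter. Appends the
// text to *out and returns the number of frames rendered.
size_t PrintStackTolerant(int thread, const std::vector<Frame>& frames,
                          std::string* out) {
  for (size_t i = 0; i < frames.size(); ++i) {
    out->append(FrameLineTolerant(thread, i, frames[i]));
    out->push_back('\n');
  }
  return frames.size();
}

// Constructed sample: frame 0 has no module (the empty code_file case), frame 1
// carries a separator character in its path. Returns the rendered text.
std::string DemoOutput() {
  const std::vector<Frame> frames = {
      {"", "main", 0x1000},
      {"/opt/app|lib/libfoo.so", "foo", 0x2000},
  };
  std::string out;
  PrintStackTolerant(0, frames, &out);
  return out;
}

int main() {
  std::cout << DemoOutput();
  // The asserting version is only safe on frames that meet its precondition.
  std::cout << FrameLineAsserting(0, 0, {"/lib/libc.so.6", "abort", 0x3000})
            << '\n';
  return 0;
}
```

FrameLineAsserting is never called on the constructed malformed frame; with asserts enabled it would abort exactly as the fuzzer-found case does. The tolerant path also escapes the separator, because once an empty or odd module name is accepted instead of rejected, the printer rather than the assert becomes the place where the untrusted string is handled.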

Comment 11 by ClusterFuzz, Dec 1

Labels: -Reproducible Unreproducible
ClusterFuzz testcase 6275281757929472 appears to be flaky, updating reproducibility label.

Comment 12 by ClusterFuzz, Dec 1

Status: WontFix (was: Assigned)
ClusterFuzz testcase 6275281757929472 is flaky and no longer crashes, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.