Timeout in blink_html_tokenizer_fuzzer
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4754906502922240
Fuzzer: libFuzzer_blink_html_tokenizer_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Timeout (exceeds 25 secs)
Crash Address:
Crash State: blink_html_tokenizer_fuzzer
Sanitizer: undefined (UBSAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=507046:507082
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4754906502922240

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Apr 10 2018

Jul 30

Oct 10

Nov 30
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/f3a7fa9abab0644914076cf49c63f6bb01d8493f

commit f3a7fa9abab0644914076cf49c63f6bb01d8493f
Author: Charlie Harrison <csharrison@chromium.org>
Date: Fri Nov 30 15:25:41 2018

Replace ConsumeBytesInRange with ConsumeRandomLengthString in fuzzed_data_provider

This CL changes the Blink wrapper for fuzzed_data_provider for callers wanting a random length string. This uses a much simpler technique for pulling strings out of random data which should yield better fuzzing discovery.

Note: This will change the behavior of the (two) fuzzers using ConsumeBytesInRange.

Additionally, we add a small max limit to the tokenizer fuzzer to avoid hangs. I couldn't find anything wrong with the production code to cause these hangs.

Bug: 813761
Change-Id: I30b3be16b6c101165fdd3041596a82412e5c46f1
Reviewed-on: https://chromium-review.googlesource.com/c/1354413
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Reviewed-by: Max Moroz <mmoroz@chromium.org>
Commit-Queue: Max Moroz <mmoroz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#612654}

[modify] https://crrev.com/f3a7fa9abab0644914076cf49c63f6bb01d8493f/third_party/blink/renderer/core/html/parser/html_tokenizer_fuzzer.cc
[modify] https://crrev.com/f3a7fa9abab0644914076cf49c63f6bb01d8493f/third_party/blink/renderer/core/html/parser/text_resource_decoder_for_fuzzing.h
[modify] https://crrev.com/f3a7fa9abab0644914076cf49c63f6bb01d8493f/third_party/blink/renderer/platform/testing/fuzzed_data_provider.cc
[modify] https://crrev.com/f3a7fa9abab0644914076cf49c63f6bb01d8493f/third_party/blink/renderer/platform/testing/fuzzed_data_provider.h
Dec 1
ClusterFuzz testcase 4754906502922240 appears to be flaky, updating reproducibility label.
Dec 1
Please ignore the last comment about testcase being unreproducible. The testcase is still reproducible. This happened due to a code refactoring on ClusterFuzz side, and the underlying root cause is now fixed. Resetting the label back to Reproducible. Sorry about the inconvenience caused from these incorrect notifications.
Dec 1
ClusterFuzz has detected this issue as fixed in range 612653:612656.

Detailed report: https://clusterfuzz.com/testcase?key=4754906502922240
Fuzzer: libFuzzer_blink_html_tokenizer_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Timeout (exceeds 25 secs)
Crash Address:
Crash State: blink_html_tokenizer_fuzzer
Sanitizer: undefined (UBSAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=507046:507082
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=612653:612656
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4754906502922240

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Dec 1
ClusterFuzz testcase 4754906502922240 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Comment 1 by ClusterFuzz, Feb 20 2018
Owner: pmeenan@chromium.org
Status: Assigned (was: Untriaged)