CHECK failure: hi <= image.size() in rel32_utils.cc
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6621350199033856
Fuzzer: libFuzzer_zucchini_disassembler_win32_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  hi <= image.size() in rel32_utils.cc
  zucchini::Rel32ReaderX86::Rel32ReaderX86
  zucchini::DisassemblerWin32<zucchini::Win32X86Traits>::MakeReadRel32
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=548881:548907
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6621350199033856

Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Apr 7 2018
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/a3d605e38f9387bbab6c4b30ab35926e6da0ace4 ([Zucchini] Add Win32 PE Disassembler Fuzzer). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Apr 9 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/4af21b941d3394f058b86eaaf16b14c281911c62

commit 4af21b941d3394f058b86eaaf16b14c281911c62
Author: Calder Kitagawa <ckitagawa@google.com>
Date: Mon Apr 09 14:49:56 2018

[Zucchini]: Fix fuzzer CHECK error

ClusterFuzz found an issue with the DCHECK for "hi <= image.size()" in rel32_utils.cc. This turned out to be a lack of understanding on my part that the image gets shrunken to the understood region on parsing in Win32 PE disassembler. As a result, we should be using this shrunken image's size rather than the original image size when invoking the family of MakeRead functions.

Bug: 830173
Change-Id: I957990ed0dacb38db4ce85df10a1ffe988e8cc2f
Reviewed-on: https://chromium-review.googlesource.com/1002877
Commit-Queue: Calder Kitagawa <ckitagawa@google.com>
Reviewed-by: Samuel Huang <huangs@chromium.org>
Cr-Commit-Position: refs/heads/master@{#549173}

[modify] https://crrev.com/4af21b941d3394f058b86eaaf16b14c281911c62/components/zucchini/disassembler_win32_fuzzer.cc
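The commit above describes the mechanism: the Win32 PE disassembler shrinks its image view to the region it understands while parsing, so any [lo, hi) bounds derived from the original buffer size can exceed the parsed image and trip the "hi <= image.size()" check. The C++ below is an added illustration of that invariant and is not Zucchini's code or the actual fix; ByteView, ToyDisassembler, the bool-returning MakeReadRel32 and the 4-byte length header are all assumptions made for the example.

```cpp
// Added example, not Zucchini's code: shows why region bounds must come from
// the disassembler's trimmed image rather than the original input buffer.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical read-only byte view (stand-in, not zucchini::ConstBufferView).
struct ByteView {
  const uint8_t* data = nullptr;
  size_t size = 0;
};

// Hypothetical disassembler that, like the PE disassembler described in the
// commit, shrinks its image to the region it understands during parsing.
// The "understood size" here is a constructed 4-byte little-endian header
// field, not any real PE structure.
struct ToyDisassembler {
  ByteView image;  // trimmed by Parse(); all later bounds refer to this view

  // Returns false for a malformed header or one that claims more bytes than
  // were supplied; untrusted input must not be allowed to grow the view.
  bool Parse(const std::vector<uint8_t>& buffer) {
    if (buffer.size() < 4) return false;
    uint32_t declared = uint32_t(buffer[0]) | uint32_t(buffer[1]) << 8 |
                        uint32_t(buffer[2]) << 16 | uint32_t(buffer[3]) << 24;
    if (declared < 4 || declared > buffer.size()) return false;
    image = {buffer.data(), declared};  // shrink to the understood region
    return true;
  }

  // Mirrors the invariant checked in rel32_utils.cc: [lo, hi) must lie
  // inside the trimmed image. Returns false instead of CHECK-failing so the
  // outcome can be inspected by a caller.
  bool MakeReadRel32(size_t lo, size_t hi) const {
    return lo <= hi && hi <= image.size;
  }
};

// Outcome of requesting a reader over the whole original buffer versus over
// the trimmed image, for the same parsed input.
struct Outcome {
  bool using_original_size;
  bool using_trimmed_size;
};

// Constructed input: the header declares 16 understood bytes, but 64 bytes
// were supplied. A caller that passes buffer.size() as `hi` reproduces the
// reported failure; a caller that passes image.size satisfies the check.
Outcome Demonstrate() {
  std::vector<uint8_t> buffer = {16, 0, 0, 0};
  buffer.resize(64, 0x90);
  ToyDisassembler dis;
  if (!dis.Parse(buffer)) return {false, false};
  return {dis.MakeReadRel32(0, buffer.size()),   // hi = 64 > 16: violated
          dis.MakeReadRel32(0, dis.image.size)}; // hi = 16: within image
}

int main() {
  Outcome o = Demonstrate();
  std::printf("bounds from original buffer size: %s\n",
              o.using_original_size ? "ok" : "CHECK would fail");
  std::printf("bounds from trimmed image size:   %s\n",
              o.using_trimmed_size ? "ok" : "CHECK would fail");
  return 0;
}
```

The point for a fuzzer harness or any other caller is that the size it passes must be read back from the parser after parsing, because the parser owns the trimmed view; a CHECK on the invariant is what turns the mistake into a loud failure on fuzzer input instead of an out-of-bounds read.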
Apr 9 2018
Should be fixed. Will wait a day or two before marking verified to see if ClusterFuzz triggers it again.
Apr 10 2018
ClusterFuzz has detected this issue as fixed in range 549171:549175.

Detailed report: https://clusterfuzz.com/testcase?key=6621350199033856
Fuzzer: libFuzzer_zucchini_disassembler_win32_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  hi <= image.size() in rel32_utils.cc
  zucchini::Rel32ReaderX86::Rel32ReaderX86
  zucchini::DisassemblerWin32<zucchini::Win32X86Traits>::MakeReadRel32
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=548881:548907
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=549171:549175
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6621350199033856

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Apr 10 2018
ClusterFuzz testcase 6621350199033856 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Apr 7 2018
Labels: Test-Predator-Auto-Components