New issue
Advanced search Search tips

Issue 830201 link

Starred by 1 user

Issue metadata

Status: Fixed
Owner:
Closed: May 2018
Cc:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 1
Type: Bug



Sign in to add a comment

Segfault in puffin

Project Member Reported by ClusterFuzz, Apr 7 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6291515232747520

Fuzzer: libFuzzer_puffin_fuzzer
Job Type: libfuzzer_asan_chromeos
Platform Id: linux

Crash Type: Abrt
Crash Address: 0x053900006f8c
Crash State:
  ld-2.23.so
  ld-2.23.so
  ld-2.23.so
  
Sanitizer: address (ASAN)

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6291515232747520

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
 
Project Member

Comment 1 by ClusterFuzz, Apr 7 2018

Cc: ahass...@google.com senj@google.com
Labels: ClusterFuzz-Auto-CC
Automatically adding ccs based on OWNERS file.

If this is incorrect, please add ClusterFuzz-Wrong label.
Owner: manojgupta@chromium.org
Status: WontFix (was: Untriaged)
i believe this issue is already fixed by switching to minijail for fuzzer execution.
I'm not really sure because I did find a problem with this test case that I'm working to fix. I was getting a segfault caused by invalid input to puffin. It was a problem with puffin. This was not related to ld-2.23.so though.
Owner: ahass...@chromium.org
Status: Assigned (was: WontFix)
Summary: Segfault in puffin (was: Abrt in ld-2.23.so)
I see, there were some seg faults related to fuzzer setup in clusterfuzz recently so I thought this is the same issue.
Updating the title and assigning to Amin.
Cc: -ahass...@google.com -senj@google.com
Status: Started (was: Assigned)
Project Member

Comment 9 by ClusterFuzz, Apr 18 2018

ClusterFuzz has detected this issue as fixed in range 2487713:2487966.

Detailed report: https://clusterfuzz.com/testcase?key=6291515232747520

Fuzzer: libFuzzer_puffin_fuzzer
Job Type: libfuzzer_asan_chromeos
Platform Id: linux

Crash Type: Abrt
Crash Address: 0x000000000001
Crash State:
  std::__1::vector<unsigned char, std::__1::allocator<unsigned char> >::allocate
  std::__1::vector<unsigned char, std::__1::allocator<unsigned char> >::vector
  puffin::PuffinStream::PuffinStream
  
Sanitizer: address (ASAN)

Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_asan_chromeos&range=2487713:2487966

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6291515232747520

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Status: Fixed (was: Started)

Sign in to add a comment