Segfault in puffin
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6291515232747520

Fuzzer: libFuzzer_puffin_fuzzer
Job Type: libfuzzer_asan_chromeos
Platform Id: linux

Crash Type: Abrt
Crash Address: 0x053900006f8c
Crash State:
  ld-2.23.so
  ld-2.23.so
  ld-2.23.so

Sanitizer: address (ASAN)

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6291515232747520

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Apr 11 2018
I believe this issue is already fixed by switching to minijail for fuzzer execution.
Apr 11 2018
I'm not really sure because I did find a problem with this test case that I'm working to fix. I was getting a segfault caused by invalid input to puffin. It was a problem with puffin. This was not related to ld-2.23.so though.
Apr 11 2018
I see, there were some seg faults related to fuzzer setup in clusterfuzz recently so I thought this is the same issue. Updating the title and assigning to Amin.
Apr 11 2018
Apr 11 2018
Apr 11 2018
Added this for fix. https://android-review.googlesource.com/c/platform/external/puffin/+/663042/1
Apr 17 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/4696703e32f60731a311eaf1344dd69d8dd48fe1

commit 4696703e32f60731a311eaf1344dd69d8dd48fe1
Author: Amin Hassani <ahassani@google.com>
Date: Tue Apr 17 22:47:22 2018

Marking 9999 ebuild for dev-util/puffin as stable.

It is picking up:
https://android-review.googlesource.com/c/platform/external/puffin/+/663990
https://android-review.googlesource.com/c/platform/external/puffin/+/663042
https://android-review.googlesource.com/c/platform/external/puffin/+/663041

BUG= chromium:830201
BUG= chromium:831772
BUG= chromium:831868
BUG= chromium:832118
TEST=unittests
TEST=passed failed fuzzer test cases

Change-Id: If92dd2960b0fa601d671417eb4ddcb295bfa83b3
Reviewed-on: https://chromium-review.googlesource.com/1011082
Commit-Ready: Amin Hassani <ahassani@chromium.org>
Tested-by: Amin Hassani <ahassani@chromium.org>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>

[rename] https://crrev.com/4696703e32f60731a311eaf1344dd69d8dd48fe1/dev-util/puffin/puffin-1.0.0-r420.ebuild
Apr 18 2018
ClusterFuzz has detected this issue as fixed in range 2487713:2487966.

Detailed report: https://clusterfuzz.com/testcase?key=6291515232747520

Fuzzer: libFuzzer_puffin_fuzzer
Job Type: libfuzzer_asan_chromeos
Platform Id: linux

Crash Type: Abrt
Crash Address: 0x000000000001
Crash State:
  std::__1::vector<unsigned char, std::__1::allocator<unsigned char> >::allocate
  std::__1::vector<unsigned char, std::__1::allocator<unsigned char> >::vector
  puffin::PuffinStream::PuffinStream

Sanitizer: address (ASAN)

Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_asan_chromeos&range=2487713:2487966

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6291515232747520

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
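The crash state above (an Abrt inside `std::vector<unsigned char>::allocate`, reached from a stream constructor) is the shape ASAN produces when a size taken from untrusted input is handed straight to an allocator: a fuzzer-mutated header claiming gigabytes triggers allocation-size-too-big and the process aborts. The block below is an added example, not puffin's code or the actual fix from the linked changes; it uses a hypothetical container format (4-byte little-endian declared size, then payload), an assumed policy cap `kMaxUncompressedSize`, and invented names (`UncheckedStream`, `CreateCheckedStream`, `AcceptsInput`, `BufferedBytes`) to contrast the vulnerable construction with a hardened one behind a libFuzzer-style entry point.

```cpp
// Added illustration, not puffin's code. Format, limits and names are assumptions.
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <optional>
#include <vector>

namespace example {

// Assumed policy limit on what one stream may buffer. A real decoder would
// derive this from its own format limits rather than a fixed constant.
constexpr size_t kMaxUncompressedSize = 16 * 1024 * 1024;  // 16 MiB
constexpr size_t kHeaderSize = 4;

inline uint32_t ReadLE32(const uint8_t* p) {
  return static_cast<uint32_t>(p[0]) | (static_cast<uint32_t>(p[1]) << 8) |
         (static_cast<uint32_t>(p[2]) << 16) |
         (static_cast<uint32_t>(p[3]) << 24);
}

// Vulnerable shape (for contrast only; never call it on untrusted data):
// the header value goes straight into the vector constructor. An input whose
// header reads 0xFFFFFFFF requests ~4 GiB, ASAN reports
// allocation-size-too-big, and the process aborts. If `size` < 4 the
// constructor also reads past the end of `data`.
struct UncheckedStream {
  std::vector<uint8_t> buffer;
  UncheckedStream(const uint8_t* data, size_t size) : buffer(ReadLE32(data)) {
    (void)size;  // never consulted: that is the bug
  }
};

// Hardened shape: the header is validated against the input length and a
// policy cap before any allocation happens, and failure is reported as
// std::nullopt instead of an abort so a fuzz target keeps exploring.
struct CheckedStream {
  size_t declared_size = 0;
  std::vector<uint8_t> buffer;
};

inline std::optional<CheckedStream> CreateCheckedStream(const uint8_t* data,
                                                        size_t size) {
  if (data == nullptr || size < kHeaderSize) return std::nullopt;
  const uint32_t declared = ReadLE32(data);
  if (declared > kMaxUncompressedSize) return std::nullopt;

  // For a compressed format the declared output size may legitimately exceed
  // the bytes present, so the cap bounds the allocation while the copy is
  // bounded by what is really in the input.
  const size_t payload = size - kHeaderSize;
  const size_t to_copy = std::min<size_t>(payload, declared);

  CheckedStream s;
  s.declared_size = declared;
  s.buffer.reserve(declared);  // bounded by kMaxUncompressedSize
  s.buffer.assign(data + kHeaderSize, data + kHeaderSize + to_copy);
  return s;
}

// True when the hardened path accepts the input.
inline bool AcceptsInput(const std::vector<uint8_t>& input) {
  return CreateCheckedStream(input.data(), input.size()).has_value();
}

// Bytes actually buffered for an accepted input, 0 if rejected.
inline size_t BufferedBytes(const std::vector<uint8_t>& input) {
  auto s = CreateCheckedStream(input.data(), input.size());
  return s ? s->buffer.size() : 0;
}

}  // namespace example

// libFuzzer entry point of the same shape a libFuzzer_puffin_fuzzer target
// has; with the checked constructor, oversized headers are a rejected input,
// not a crash.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  auto stream = example::CreateCheckedStream(data, size);
  if (stream) {
    volatile size_t n = stream->buffer.size();  // touch the result
    (void)n;
  }
  return 0;
}
```

Build the fuzzer with `clang++ -fsanitize=fuzzer,address` and feed it the reproducer from the report; the checked path returns normally where the unchecked constructor would abort in `vector::allocate`.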
May 2 2018
Comment 1 by ClusterFuzz, Apr 7 2018. Labels: ClusterFuzz-Auto-CC