
Issue 841145

Starred by 3 users

Issue metadata

Status: WontFix
Owner:
Closed: Dec 1
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug




ASSERT: count>=0

Project Member Reported by ClusterFuzz, May 9 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5110020950458368

Fuzzer: libFuzzer_xml_parser_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: ASSERT
Crash Address: 
Crash State:
  count>=0
  ucnv_UTF8FromUTF8
  ucnv_convertEx_61
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=556938:556952

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5110020950458368

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
 
Project Member

Comment 1 by ClusterFuzz, May 9 2018

Components: Blink>XML
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Project Member

Comment 2 by ClusterFuzz, May 9 2018

Cc: jcivelli@google.com
Labels: ClusterFuzz-Auto-CC
Automatically adding ccs based on OWNERS file / target commit history.

If this is incorrect, please add ClusterFuzz-Wrong label.
Project Member

Comment 3 by ClusterFuzz, May 9 2018

Labels: Test-Predator-Auto-Owner
Owner: js...@chromium.org
Status: Assigned (was: Untriaged)
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/deps/icu/+/f61e46dbee9d539a32551493e3bcc1dea92f83ec (Update ICU to 61.1 + local patches).

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.

Comment 4 by js...@chromium.org, May 10 2018

Cc: mscherer@google.com
Will take a look at the crash report/stack. 


Comment 5 by js...@chromium.org, May 10 2018

Stack:

#0 0x7fd43e15f427 in gsignal /build/glibc-Cl5G7W/glibc-2.23/signal/../sysdeps/unix/sysv/linux/raise.c:54
#1 0x7fd43e161029 in abort /build/glibc-Cl5G7W/glibc-2.23/stdlib/abort.c:89
#2 0x7fd43e157bd6 in __assert_fail_base /build/glibc-Cl5G7W/glibc-2.23/assert/assert.c:92
#3 0x7fd43e157c81 in __assert_fail /build/glibc-Cl5G7W/glibc-2.23/assert/assert.c:101
#4 0x7fd4730314a7 in ucnv_UTF8FromUTF8(UConverterFromUnicodeArgs*, UConverterToUnicodeArgs*, UErrorCode*) third_party/icu/source/common/ucnv_u8.cpp:816:5
#5 0x7fd472fbf173 in ucnv_convertEx_61 third_party/icu/source/common/ucnv.cpp:2286:13
#6 0x10309e7 in xmlUconvWrapper third_party/libxml/src/encoding.c:1882:9
#7 0x1029367 in xmlEncInputChunk third_party/libxml/src/encoding.c:1931:15
#8 0x102a77a in xmlCharEncInput third_party/libxml/src/encoding.c:2238:11
#9 0x11cc1b4 in xmlParserInputBufferPush third_party/libxml/src/xmlIO.c:3160:12
#10 0x10e9c5c in xmlParseTryOrFinish third_party/libxml/src/parser.c:11196:3
#11 0x10e7a5e in xmlParseChunk third_party/libxml/src/parser.c:12261:13
#12 0x11da3b3 in xmlTextReaderPushData third_party/libxml/src/xmlreader.c:886:12

The minimized test case has several U+000E0041, but is in valid UTF-8. 


Comment 6 by js...@chromium.org, May 16 2018

Cc: -jcivelli@google.com jcivelli@chromium.org joelhockey@chromium.org

Comment 7 by js...@chromium.org, May 17 2018

Hmm.... I can't reproduce it locally. 

Comment 8 by js...@chromium.org, May 17 2018

> I can't reproduce it locally.

Cannot reproduce the issue either with ICU 60 or ICU 61. 

Comment 9 by js...@chromium.org, May 18 2018

Cc: js...@chromium.org
Owner: ----
Status: Unconfirmed (was: Assigned)
Owner: schenney@chromium.org
Status: Assigned (was: Unconfirmed)
Kicked off another clusterfuzz task to try to reproduce.
Project Member

Comment 11 by ClusterFuzz, Dec 1

Labels: -Reproducible Unreproducible
ClusterFuzz testcase 5110020950458368 appears to be flaky, updating reproducibility label.
Project Member

Comment 12 by ClusterFuzz, Dec 1

Status: WontFix (was: Assigned)
ClusterFuzz testcase 5110020950458368 is flaky and no longer crashes, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
