Null-dereference READ in blink::PtrStorageImpl<blink::WebCryptoKeyAlgorithmPrivate, |
||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=5198847471779840 Fuzzer: libFuzzer_v8_serialized_script_value_fuzzer Job Type: libfuzzer_chrome_asan Platform Id: linux Crash Type: Null-dereference READ Crash Address: 0x000000000018 Crash State: blink::PtrStorageImpl<blink::WebCryptoKeyAlgorithmPrivate, blink::WebCryptoKeyAlgorithm::Id webcrypto::EcAlgorithm::DeserializeKeyForClone Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=425604:425615 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5198847471779840 Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
,
Jul 10
Automatically adding ccs based on OWNERS file / target commit history. If this is incorrect, please add ClusterFuzz-Wrong label.
,
Jul 10
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/cd889cddd3201471e7b34faf88a2b90f93b12929 (Add support for CryptoKey to V8-based structured clone path.). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
,
Jul 10
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/83881c9bc1be6c66b09943ceb3a0c15f949eb71c commit 83881c9bc1be6c66b09943ceb3a0c15f949eb71c Author: Jeremy Roman <jbroman@chromium.org> Date: Tue Jul 10 18:42:21 2018 webcrypto: Don't ignore invalid elliptic curve key data during deserialization. Bug: 862147 Change-Id: Ie0ca0c8375f201d055e16dd39c7454bd008a34f8 Reviewed-on: https://chromium-review.googlesource.com/1131837 Reviewed-by: Ryan Sleevi <rsleevi@chromium.org> Commit-Queue: Jeremy Roman <jbroman@chromium.org> Cr-Commit-Position: refs/heads/master@{#573831} [modify] https://crrev.com/83881c9bc1be6c66b09943ceb3a0c15f949eb71c/components/webcrypto/algorithms/ec.cc [modify] https://crrev.com/83881c9bc1be6c66b09943ceb3a0c15f949eb71c/third_party/blink/renderer/bindings/modules/v8/serialization/v8_script_value_serializer_for_modules_test.cc
,
Jul 10
,
Jul 10
,
Jul 11
ClusterFuzz has detected this issue as fixed in range 573828:573835. Detailed report: https://clusterfuzz.com/testcase?key=5198847471779840 Fuzzer: libFuzzer_v8_serialized_script_value_fuzzer Job Type: libfuzzer_chrome_asan Platform Id: linux Crash Type: Null-dereference READ Crash Address: 0x000000000018 Crash State: blink::PtrStorageImpl<blink::WebCryptoKeyAlgorithmPrivate, blink::WebCryptoKeyAlgorithm::Id webcrypto::EcAlgorithm::DeserializeKeyForClone Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=425604:425615 Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=573828:573835 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5198847471779840 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Jul 11
ClusterFuzz testcase 5198847471779840 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue. |
||||||
►
Sign in to add a comment |
||||||
Comment 1 by ClusterFuzz
, Jul 10Labels: Test-Predator-Auto-Components