New issue
Advanced search Search tips

Issue 862539 link

Starred by 1 user
Status: Fixed
Owner:
briannorris@chromium.org
Closed: Jul 26
Cc:
benchan@chromium.org
briannorris@chromium.org
abhishekbh@google.com
manojgupta@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 3
Type: Bug



Sign in to add a comment

libFuzzer_chromeos_rtnl_handler_fuzzer: misaligned address

Project Member Reported by ClusterFuzz, Jul 11 
Detailed report: https://clusterfuzz.com/testcase?key=6105161983066112

Fuzzer: libFuzzer_chromeos_rtnl_handler_fuzzer
Job Type: libfuzzer_asan_chromeos
Platform Id: linux

Crash Type: Misaligned-address
Crash Address: 
Crash State:
  NULL
Sanitizer: address (ASAN)

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6105161983066112

Issue filed automatically.

See https://chromium.googlesource.com/chromiumos/docs/+/master/fuzzing.md#Reproducing-crashes-from-ClusterFuzz for more information.

Note: This crash might not be reproducible with the provided testcase. That said, for the past 14 days we've been seeing this crash frequently. If you are unable to reproduce this, please try a speculative fix based on the crash stacktrace in the report. The fix can be verified by looking at the crash statistics in the report, a day after the fix is deployed. We will auto-close the bug if the crash is not seen for 14 days.
Project Member

Comment 1 by ClusterFuzz, Jul 11

Cc: abhishekbh@google.com cernekee@chromium.org benchan@chromium.org
Labels: ClusterFuzz-Auto-CC
Automatically adding ccs based on OWNERS file / target commit history.

If this is incorrect, please add ClusterFuzz-Wrong label.

Comment 2 by benchan@google.com, Jul 11

Cc: briannorris@chromium.org

Comment 3 Deleted

Comment 4 by benchan@chromium.org, Jul 23

Components: OS>Systems>Network

Comment 5 by briannorris@chromium.org, Jul 23

Labels: -Pri-1 Pri-3
Owner: briannorris@chromium.org
Status: Assigned (was: Untriaged)
Summary: libFuzzer_chromeos_rtnl_handler_fuzzer: misaligned address
(To toolchain folks: that subject is nonsense.)

I'll tentatively take a look, but it's not high priority IMO.

Comment 6 by briannorris@chromium.org, Jul 26

Status: Started (was: Assigned)
'Twas easy enough to fix:

https://chromium-review.googlesource.com/c/aosp/platform/system/connectivity/shill/+/1150877
Project Member

Comment 7 by bugdroid1@chromium.org, Jul 26 

The following revision refers to this bug:
  https://chromium.googlesource.com/aosp/platform/system/connectivity/shill/+/6f953ade994823a5d918274dac9b18de621f18f2

commit 6f953ade994823a5d918274dac9b18de621f18f2
Author: Brian Norris <briannorris@chromium.org>
Date: Thu Jul 26 11:07:38 2018

shill: rtnl_handler: always align 2nd netlink message

Netlink headers are always aligned at NLMSG_ALIGNTO (4 byte) boundaries,
even if the previous message is not aligned. Use the NLMSG_ALIGN()
helper to get us to the right place.

BUG= chromium:862539 
TEST=unit tests; fuzzer test case (see bug); basic Wifi tests

Change-Id: I7aa8f707a48ff457dab598adfba0daa2aa6a0ef1
Signed-off-by: Brian Norris <briannorris@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1150877
Reviewed-by: Ben Chan <benchan@chromium.org>

[modify] https://crrev.com/6f953ade994823a5d918274dac9b18de621f18f2/net/rtnl_handler.cc

Comment 8 by briannorris@chromium.org, Jul 26

Status: Fixed (was: Started)

Comment 9 by briannorris@chromium.org, Jul 31 

 Issue 868668  has been merged into this issue.

Sign in to add a comment