Issue metadata
Crash in void fuzzer::TracePC::IterateInline8bitCounters<fuzzer::TracePC::InitializeUnsta
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5732275128631296
Fuzzer: libFuzzer_css_parser_fast_paths_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x3a00011f8067
Crash State: void fuzzer::TracePC::IterateInline8bitCounters<fuzzer::TracePC::InitializeUnsta
Sanitizer: address (ASAN)
Recommended Security Severity: Medium
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5732275128631296

Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

Note: This crash might not be reproducible with the provided testcase. That said, for the past 14 days we've been seeing this crash frequently. If you are unable to reproduce this, please try a speculative fix based on the crash stacktrace in the report. The fix can be verified by looking at the crash statistics in the report, a day after the fix is deployed. We will auto-close the bug if the crash is not seen for 14 days.
Aug 29
Not much to go on in the report, and possibly an issue with the fuzz driver itself or the effects of wild corruption while fuzzing.
Dec 6
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Dec 6
Thanks, Tom! Yeah, that issue was reported due to buggy -handle_unstable=1 mode. Sorry for the noise.
Comment 1 by sheriffbot@chromium.org, Aug 29