Issue 895233
Issue metadata

Status: Verified
Owner:
Closed: Nov 15
Cc:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 1
Type: Bug


Stack-overflow in token_to_string

Project Member Reported by ClusterFuzz, Oct 15

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5527482323959808

Fuzzer: libFuzzer_javascript_parser_proto_fuzzer
Job Type: windows_libfuzzer_chrome_asan
Platform Id: windows

Crash Type: Stack-overflow
Crash Address: 0x00197ba23000
Crash State:
  token_to_string
Sanitizer: address (ASAN)

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5527482323959808

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Cc: kkaluri@chromium.org
Labels: M-70 CF-NeedsTriage Test-Predator-Wrong
Unable to find the actual suspect through code search, and also observing no CLs under the regression range, hence adding the appropriate label and requesting someone from the dev team to look into this issue.

Thanks!
Labels: -CF-NeedsTriage
Owner: metzman@chromium.org
Status: Assigned (was: Untriaged)
metzman@, just wondering, do you have any input here?

Thank you!
Comment 3 by bugdroid1@chromium.org (Project Member), Nov 14

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/dcae318ae5cea468d3d9fec9600231a258c5d6c4

commit dcae318ae5cea468d3d9fec9600231a258c5d6c4
Author: Jonathan Metzman <metzman@chromium.org>
Date: Wed Nov 14 19:35:14 2018

Prevent stack overflow on Windows

Bug: 895233
Change-Id: I4beea124124a9f773d5d32db2957be1a2c5dfdd0
Reviewed-on: https://chromium-review.googlesource.com/c/1334933
Reviewed-by: Max Moroz <mmoroz@chromium.org>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Jonathan Metzman <metzman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#608082}
[modify] https://crrev.com/dcae318ae5cea468d3d9fec9600231a258c5d6c4/testing/libfuzzer/fuzzers/generate_javascript_parser_proto.py

Comment 4 by ClusterFuzz (Project Member), Nov 15

ClusterFuzz has detected this issue as fixed in range 608059:608101.

Detailed report: https://clusterfuzz.com/testcase?key=5527482323959808

Fuzzer: libFuzzer_javascript_parser_proto_fuzzer
Job Type: windows_libfuzzer_chrome_asan
Platform Id: windows

Crash Type: Stack-overflow
Crash Address: 0x00197ba23000
Crash State:
  token_to_string
Sanitizer: address (ASAN)

Fixed: https://clusterfuzz.com/revisions?job=windows_libfuzzer_chrome_asan&range=608059:608101

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5527482323959808

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing_on_windows.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 5 by ClusterFuzz (Project Member), Nov 15

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 5527482323959808 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
The documentation for reproducing bugs on Windows was moved to: https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md