New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 896980 link

Starred by 1 user
Status: WontFix
Owner:
agl@chromium.org
Closed: Dec 10
Cc:
hongjunchoi@chromium.org
kenrb@chromium.org
martinkr@google.com
engedy@chromium.org
ssoneff@google.com
kpaulhamus@chromium.org
jdoerrie@chromium.org
mknowles@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug



Sign in to add a comment

CHECK failure: (flags_ & static_cast<uint8_t>(Flag::kExtensionDataIncluded)) != 0 == !!extensio

Project Member Reported by ClusterFuzz, Oct 19 
Detailed report: https://clusterfuzz.com/testcase?key=6076379228274688

Fuzzer: libFuzzer_ctap_response_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  (flags_ & static_cast<uint8_t>(Flag::kExtensionDataIncluded)) != 0 == !!extensio
  device::AuthenticatorData::AuthenticatorData
  device::AuthenticatorGetAssertionResponse::CreateFromU2fSignResponse
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=600792:600800

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6076379228274688

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Project Member

Comment 1 by ClusterFuzz, Oct 19

Components: Blink>WebAuthentication
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Project Member

Comment 2 by ClusterFuzz, Oct 19

Cc: hongjunchoi@chromium.org
Labels: ClusterFuzz-Auto-CC
Automatically adding ccs based on OWNERS file / target commit history.

If this is incorrect, please add ClusterFuzz-Wrong label.
Project Member

Comment 3 by ClusterFuzz, Oct 19

Labels: Test-Predator-Auto-Owner
Owner: agl@chromium.org
Status: Assigned (was: Untriaged)
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/d072d4f9e5ebe2b442f241b135f0b023c688be3d (webauth: support hmac-secret extension during registration.).

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Project Member

Comment 4 by ClusterFuzz, Nov 28

Labels: -Reproducible Unreproducible
ClusterFuzz testcase 6076379228274688 appears to be flaky, updating reproducibility label.

Comment 5 by agl@google.com, Nov 29

Status: Started (was: Assigned)
Project Member

Comment 6 by bugdroid1@chromium.org, Nov 29 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/fb0cacc9c5552def248ff00ebd04a8c6ac207475

commit fb0cacc9c5552def248ff00ebd04a8c6ac207475
Author: Adam Langley <agl@chromium.org>
Date: Thu Nov 29 19:09:54 2018

Reject U2F assertion responses that assert CTAP2 flags.

(This doesn't apply to U2F register responses because there's no flags
byte there.)

Bug:  896980 
Change-Id: I02c63d4bc63db4a8e2e7256a428d8349c34f5443
Reviewed-on: https://chromium-review.googlesource.com/c/1355242
Commit-Queue: Adam Langley <agl@chromium.org>
Commit-Queue: Martin Kreichgauer <martinkr@google.com>
Reviewed-by: Martin Kreichgauer <martinkr@google.com>
Cr-Commit-Position: refs/heads/master@{#612300}
[modify] https://crrev.com/fb0cacc9c5552def248ff00ebd04a8c6ac207475/device/fido/authenticator_get_assertion_response.cc
[modify] https://crrev.com/fb0cacc9c5552def248ff00ebd04a8c6ac207475/device/fido/ctap_response_unittest.cc
Project Member

Comment 7 by ClusterFuzz, Dec 10

Status: WontFix (was: Started)
ClusterFuzz testcase 6076379228274688 is flaky and no longer crashes, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Sign in to add a comment