New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 900991 link

Starred by 1 user
Status: Started
Owner:
mpear...@chromium.org
Cc:
kojii@chromium.org
js...@chromium.org
dominicc@chromium.org
mgiuca@chromium.org
mac-bugs-priority@chromium.org
creis@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 1
Type: Bug
Team-Security-UX



Sign in to add a comment

Null-dereference READ in uidna_labelToUnicode_63

Project Member Reported by ClusterFuzz, Nov 1 
Detailed report: https://clusterfuzz.com/testcase?key=5691624962916352

Fuzzer: libFuzzer_template_url_parser_fuzzer
Job Type: mac_libfuzzer_chrome_asan
Platform Id: mac

Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  uidna_labelToUnicode_63
  url_formatter::IDNToUnicodeOneComponent
  url_formatter::IDNToUnicodeWithAdjustments
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=mac_libfuzzer_chrome_asan&range=476117:476173

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5691624962916352

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Project Member

Comment 1 by ClusterFuzz, Nov 1

Components: UI>Security>UrlFormatting
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Project Member

Comment 2 by ClusterFuzz, Nov 1

Cc: dominicc@chromium.org
Labels: ClusterFuzz-Auto-CC
Automatically adding ccs based on OWNERS file / target commit history.

If this is incorrect, please add ClusterFuzz-Wrong label.
Project Member

Comment 3 by ClusterFuzz, Nov 1

Labels: Test-Predator-Auto-Owner
Owner: mpear...@chromium.org
Status: Assigned (was: Untriaged)
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/ee5a39ceca0897f43f63059d44635da6f02d0a50 (Omnibox - Open Search - Handle Lack of Short Name Smartly).

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.

Comment 4 by mpear...@chromium.org, Nov 1

Cc: mpearson@google.com

Comment 5 by mpear...@chromium.org, Nov 14

Status: Started (was: Assigned)
Are there instructions on how to reproduce this locally?

Comment 6 by mpear...@chromium.org, Nov 27

Cc: -mpearson@google.com

Comment 7 by mpear...@chromium.org, Nov 27

Cc: mpearson@google.com

Comment 8 by mpear...@chromium.org, Nov 27

Cc: -mpearson@google.com

Comment 9 by mpear...@chromium.org, Nov 28

Cc: js...@chromium.org
jshin@, can our IDN libraries behave differently on Mac versus Linux?  I find it odd that this bug reproduces on Mac yet does not on Linux.  All the Chromium code here is cross-platform.

Comment 10 by mgiuca@chromium.org, Nov 28

Cc: kojii@chromium.org
Jungshik no longer works on Chromium. +Koji who has recently volunteered as an IDN expert.
Project Member

Comment 11 by ClusterFuzz, Dec 1

Labels: -Reproducible Unreproducible
ClusterFuzz testcase 5691624962916352 appears to be flaky, updating reproducibility label.

Comment 12 by infe...@chromium.org, Dec 1

Labels: -Unreproducible Reproducible
Please ignore the last comment about testcase being unreproducible. The testcase is still reproducible. This happened due to a code refactoring on ClusterFuzz side, and the underlying root cause is now fixed. Resetting the label back to Reproducible. Sorry about the inconvenience caused from these incorrect notifications.

Sign in to add a comment