Null-dereference READ in mz_zip_entry_is_dir

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5674347480743936
Fuzzer: libFuzzer_minizip_uncompress_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux
Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  mz_zip_entry_is_dir
  minizip_uncompress_fuzzer.cc
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=605548:605551
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5674347480743936

Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

Nov 6
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/88c685f4de0a3fe6a07b97550dfa06a9fec54018 (Improve function and options coverage of minizip fuzzers). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.

Nov 6
This is already fixed in the upstream dev branch. Waiting for it to be merged into master before upreving.

Nov 7
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/524918751efc06fc9d1cd1766ffac0bff1bb1a20

commit 524918751efc06fc9d1cd1766ffac0bff1bb1a20
Author: Anand K. Mistry <amistry@chromium.org>
Date: Wed Nov 07 07:37:49 2018

Uprev minizip to 2.7.4

BUG=902227,901782
Change-Id: I130aedf1d2085089f7385ee13347894819f68e05
Reviewed-on: https://chromium-review.googlesource.com/c/1322181
Reviewed-by: Noel Gordon <noel@chromium.org>
Commit-Queue: Anand Mistry <amistry@chromium.org>
Cr-Commit-Position: refs/heads/master@{#605985}

[modify] https://crrev.com/524918751efc06fc9d1cd1766ffac0bff1bb1a20/DEPS
[modify] https://crrev.com/524918751efc06fc9d1cd1766ffac0bff1bb1a20/third_party/minizip/README.chromium

Nov 7
ClusterFuzz has detected this issue as fixed in range 605984:605985.

Detailed report: https://clusterfuzz.com/testcase?key=5674347480743936
Fuzzer: libFuzzer_minizip_uncompress_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux
Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  mz_zip_entry_is_dir
  minizip_uncompress_fuzzer.cc
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=605548:605551
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=605984:605985
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5674347480743936

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Nov 7
ClusterFuzz testcase 5674347480743936 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Nov 6
Labels: ClusterFuzz-Auto-CC