New issue
Advanced search Search tips

Issue 911030 link

Starred by 1 user
Status: Verified
Owner:
mmoroz@chromium.org
Closed: Dec 4
Cc:
jsb...@chromium.org
pwnall@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug



Sign in to add a comment

Timeout in leveldb_put_get_delete_fuzzer

Project Member Reported by ClusterFuzz, Dec 3 
Detailed report: https://clusterfuzz.com/testcase?key=5115995968241664

Fuzzer: libFuzzer_leveldb_put_get_delete_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Timeout (exceeds 25 secs)
Crash Address: 
Crash State:
  leveldb_put_get_delete_fuzzer
  
Sanitizer: memory (MSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=612930:612943

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5115995968241664

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Project Member

Comment 1 by ClusterFuzz, Dec 3

Cc: mmoroz@chromium.org
Labels: ClusterFuzz-Auto-CC
Automatically adding ccs based on OWNERS file / target commit history.

If this is incorrect, please add ClusterFuzz-Wrong label.

Comment 2 by mmoroz@chromium.org, Dec 3 

We should probably set up a max input length and reject longer inputs.

Comment 3 by mmoroz@chromium.org, Dec 4

Cc: -mmoroz@chromium.org jsb...@chromium.org pwnall@chromium.org
Components: Internals>Storage
Owner: mmoroz@chromium.org
Status: Started (was: Untriaged)
Project Member

Comment 4 by bugdroid1@chromium.org, Dec 4 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/460275219433ed25163bd9970b8e9c72e5d3d255

commit 460275219433ed25163bd9970b8e9c72e5d3d255
Author: Max Moroz <mmoroz@chromium.org>
Date: Tue Dec 04 00:53:47 2018

Restrict max input size in leveldb_put_get_delete_fuzzer.

Bug:  911030 
Change-Id: Ib17595734fc034faba8fa99ab064385be15fcfdb
Reviewed-on: https://chromium-review.googlesource.com/c/1359491
Reviewed-by: Victor Costan <pwnall@chromium.org>
Commit-Queue: Max Moroz <mmoroz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#613361}
[modify] https://crrev.com/460275219433ed25163bd9970b8e9c72e5d3d255/third_party/leveldatabase/leveldb_put_get_delete_fuzzer.cc
Project Member

Comment 5 by ClusterFuzz, Dec 4 

ClusterFuzz has detected this issue as fixed in range 613355:613375.

Detailed report: https://clusterfuzz.com/testcase?key=5115995968241664

Fuzzer: libFuzzer_leveldb_put_get_delete_fuzzer
Fuzz target binary: leveldb_put_get_delete_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Timeout (exceeds 25 secs)
Crash Address: 
Crash State:
  leveldb_put_get_delete_fuzzer
  
Sanitizer: memory (MSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=612930:612943
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=613355:613375

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5115995968241664

See https://www.chromium.org/developers/testing/memorysanitizer#TOC-Reproducing-ClusterFuzz-Bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 6 by ClusterFuzz, Dec 4

Labels: ClusterFuzz-Verified
Status: Verified (was: Started)
ClusterFuzz testcase 5115995968241664 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Sign in to add a comment