Misaligned-address in compare_sp_items
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5737675304468480

Project: chromeos
Fuzzer: libFuzzer_chromeos_cups_ppdopen_fuzzer
Fuzz target binary: cups_ppdopen_fuzzer
Job Type: libfuzzer_ubsan_chromeos
Platform Id: linux

Crash Type: Misaligned-address
Crash Address:
Crash State:
  compare_sp_items
  cups_array_find
  cupsArrayFind

Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_ubsan_chromeos&range=3186694:3189561

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5737675304468480

Issue filed automatically.

See https://chromium.googlesource.com/chromiumos/docs/+/master/fuzzing.md#Reproducing-crashes-from-ClusterFuzz for more information.
Dec 5
Automatically adding ccs based on OWNERS file / target commit history. If this is incorrect, please add ClusterFuzz-Wrong label.
Dec 15

Dec 26

Jan 3
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/cups/+/b9c57dbb3e6a7f4a54233979c0f2e9532c614655

commit b9c57dbb3e6a7f4a54233979c0f2e9532c614655
Author: Piotr Pawliczek <pawliczek@google.com>
Date: Thu Jan 03 23:04:34 2019

cups: Correct problem with misaligned address of _cups_sp_item_t struct

Strings registered with functions declared in cups/string.h were sometimes converted in-place to _cups_sp_item_t structures. This caused a problem with misaligned addresses of temporary _cups_sp_item_t structures created this way. This patch introduced a couple of modifications to string.c; now all _cups_sp_item_t structures in use are created and filled in the proper way.

BUG=chromium:916203, chromium:916206, chromium:912219
TEST=Tested on nautilus with cros_fuzz

Change-Id: I17b6106a1794aaf0a5bd10f05f3c0dc17362b9de
Reviewed-on: https://chromium-review.googlesource.com/1390914
Commit-Ready: Piotr Pawliczek <pawliczek@chromium.org>
Tested-by: Piotr Pawliczek <pawliczek@chromium.org>
Reviewed-by: David Valleau <valleau@chromium.org>

[modify] https://crrev.com/b9c57dbb3e6a7f4a54233979c0f2e9532c614655/cups/string.c
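The defect class the commit message describes, shown as an added C example that is not CUPS code: a string sitting at an arbitrary offset inside a buffer is reinterpreted in place as a struct pointer, which UBSan's alignment check (-fsanitize=alignment) rejects as soon as the pointer is dereferenced, beside the fix of building the temporary item in properly aligned storage. The struct `sp_item_t`, the functions `sp_item_is_aligned`, `item_from_string_in_place`, `item_from_string_copy`, `demo` and the buffer contents are hypothetical stand-ins, not CUPS's `_cups_sp_item_t` or anything from `string.c`.

```c
#include <stdalign.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical string-pool item: a counter followed by the string bytes.
 * A stand-in for the shape of a pooled-string record, not CUPS's real type. */
typedef struct {
    int  ref_count;
    char str[1];   /* actually variable length; allocated with room for the string */
} sp_item_t;

/* Returns 1 when p satisfies the alignment requirement of sp_item_t. */
int sp_item_is_aligned(const void *p) {
    return ((uintptr_t)p % alignof(sp_item_t)) == 0;
}

/* Buggy pattern: step back from the string to where the item header "should"
 * be and reinterpret it as an sp_item_t. If the string was not laid out inside
 * a real item, the resulting address is only as aligned as the string itself
 * was. The pointer is only computed here; dereferencing a misaligned one is
 * what UBSan reports as Misaligned-address. */
const sp_item_t *item_from_string_in_place(const char *s) {
    return (const sp_item_t *)(s - offsetof(sp_item_t, str));
}

/* Fixed pattern: build a temporary item in storage that malloc guarantees is
 * suitably aligned for any object type, and copy the string into it.
 * Caller frees the result. */
sp_item_t *item_from_string_copy(const char *s) {
    size_t len = strlen(s);
    sp_item_t *item = malloc(offsetof(sp_item_t, str) + len + 1);
    if (item == NULL) {
        return NULL;
    }
    item->ref_count = 1;
    memcpy(item->str, s, len + 1);
    return item;
}

/* Constructed scenario: a 4-byte-aligned buffer holding "hello" at offset 5,
 * so the in-place cast lands at offset 1 (misaligned for an int-headed struct),
 * while the copied item is aligned and carries the same string.
 * Returns 1 when the in-place pointer is misaligned and the copy is aligned. */
int demo(void) {
    static alignas(sp_item_t) char buf[32] = "xxxxxhello";  /* constructed input */
    const char *s = buf + 5;  /* string deliberately placed at an odd offset */

    int inplace_aligned = sp_item_is_aligned(item_from_string_in_place(s));

    sp_item_t *copy = item_from_string_copy(s);
    int copy_ok = copy != NULL
               && sp_item_is_aligned(copy)
               && strcmp(copy->str, "hello") == 0;
    free(copy);

    return !inplace_aligned && copy_ok;
}

int main(void) {
    return demo() ? 0 : 1;
}
```

Compiling this with `-fsanitize=alignment` and actually reading through the in-place pointer is how the fuzzer surfaced the original crash; the copy path is the shape of the fix, where every temporary item is allocated and filled rather than conjured from a string's address.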
Jan 4
ClusterFuzz has detected this issue as fixed in range 3308089:3308591.

Detailed report: https://clusterfuzz.com/testcase?key=5737675304468480

Project: chromeos
Fuzzer: libFuzzer_chromeos_cups_ppdopen_fuzzer
Fuzz target binary: cups_ppdopen_fuzzer
Job Type: libfuzzer_ubsan_chromeos
Platform Id: linux

Crash Type: Misaligned-address
Crash Address:
Crash State:
  compare_sp_items
  cups_array_find
  cupsArrayFind

Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_ubsan_chromeos&range=3186694:3189561
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_ubsan_chromeos&range=3308089:3308591

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5737675304468480

See https://chromium.googlesource.com/chromiumos/docs/+/master/fuzzing.md#Reproducing-crashes-from-ClusterFuzz for instructions to reproduce this bug locally.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jan 4
ClusterFuzz testcase 5737675304468480 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by manojgupta@chromium.org, Dec 5