Null-dereference READ in sqlite3ExprCompare
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4899767668441088
Fuzzer: libFuzzer_sqlite3_select_expr_lpm_fuzzer
Fuzz target binary: sqlite3_select_expr_lpm_fuzzer
Job Type: windows_libfuzzer_chrome_asan
Platform Id: windows
Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  sqlite3ExprCompare
  sqlite3ExprCodeAtInit
  sqlite3ExprCodeTemp
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=windows_libfuzzer_chrome_asan&range=615326:615355
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4899767668441088

Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing_on_windows.md for more information.
Dec 11
Automatically adding ccs based on OWNERS file / target commit history. If this is incorrect, please add ClusterFuzz-Wrong label.
Dec 11
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/7d3def8575ecd2e5e2e7ab7f585961206007bd25 (Adds LPM-based SQLite fuzzer). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Dec 11
metzman@ any way to get these automatically assigned to pwnall@ and just have me CC'd?
Dec 11
Matthew: Unfortunately I don't think there is. This is something that happens with many new fuzzers (since the commit that "introduced" the bug is the one that creates the fuzzer). +mbarbella who may know more about this.
Dec 11
I can't think of any quick fix that would help here. I've thought of trying to blacklist fuzzer commits in the past but even those tend to be helpful most of the time since the author has a fair amount of context on the fuzzer (though they didn't usually introduce the bug). Luckily, once the initial batch of bugs is dealt with it shouldn't continue to assign them to you since the regression ranges should point to different commits.
Dec 14
The documentation for reproducing on Windows has been moved to https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md
Dec 20
This crash occurs very frequently on windows platform and is likely preventing the fuzzer sqlite3_select_expr_lpm_fuzzer from making much progress. Fixing this will allow more bugs to be found. Marking this bug as a blocker for next Beta release. If this is incorrect, please add ClusterFuzz-Wrong label and remove the ReleaseBlock-Beta label.
Dec 20
This may be the same as the null-dereference that was just fixed, can you verify?

  SELECT RAISE(ROLLBACK , '') BETWEEN RAISE(IGNORE) AND 1;
Dec 20
Yes, same thing I think. The SQL above returns a "RAISE() may only be used within a trigger-program" on the development trunk but causes a segfault with 3.26.0.
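The two comments above establish the expected behaviour: RAISE() is only legal inside a trigger program, and any use outside one must be rejected at prepare time with "RAISE() may only be used within a trigger-program" rather than reaching the code generator and crashing. The script below is an added example (not part of the bug thread or of SQLite/Chromium) that runs the reproducer quoted in the thread through Python's bundled SQLite, adds two constructed variants of the same RAISE-outside-trigger shape, and contrasts them with a constructed trigger in which RAISE(ABORT, ...) is used as intended. The version threshold (3.27.0, the first SQLite release after the Dec 20 fix) is an assumption on my part; the thread itself only says the crash is present in 3.26.0 and gone on trunk.

```python
import sqlite3

# Reproducer quoted verbatim in the Dec 20 comment of this thread.
REPRODUCER = "SELECT RAISE(ROLLBACK , '') BETWEEN RAISE(IGNORE) AND 1;"

# Constructed variants (assumption: same class, RAISE outside a trigger program).
# They are not from the thread; they exercise RAISE in a result column and in WHERE.
VARIANTS = [
    REPRODUCER,
    "SELECT RAISE(IGNORE);",
    "SELECT 1 WHERE RAISE(ABORT, 'x');",
]


def is_fixed_build():
    """Assumption: builds at or above 3.27.0 carry the fix discussed above.
    On 3.26.0 the reproducer segfaults (ASAN: null-dereference READ), so do
    not run probe() on such a build inside a process you care about."""
    return sqlite3.sqlite_version_info >= (3, 27, 0)


def probe(sql):
    """Prepare and step `sql` on a throwaway in-memory database.

    Returns ('rejected', message) when SQLite refuses the statement with an
    error (the correct outcome for RAISE outside a trigger), or ('ran', rows)
    if the statement executed. A crash never returns at all, which is exactly
    what the fuzzer observed."""
    conn = sqlite3.connect(":memory:")
    try:
        try:
            rows = conn.execute(sql).fetchall()
            return ("ran", rows)
        except sqlite3.OperationalError as e:
            return ("rejected", str(e))
    finally:
        conn.close()


def probe_all(sqls=VARIANTS):
    """Map each statement to its probe() outcome."""
    return {sql: probe(sql) for sql in sqls}


def raise_inside_trigger():
    """The legitimate use: RAISE inside a trigger program.

    Constructed schema: a table with a BEFORE INSERT trigger that aborts on
    negative values. Returns (row_count, abort_message); a correct build keeps
    the good row, rejects the bad one with the RAISE message, and never crashes."""
    conn = sqlite3.connect(":memory:")
    try:
        conn.executescript("""
            CREATE TABLE t(x INTEGER);
            CREATE TRIGGER t_no_neg BEFORE INSERT ON t
            WHEN NEW.x < 0
            BEGIN
                SELECT RAISE(ABORT, 'negative values not allowed');
            END;
        """)
        conn.execute("INSERT INTO t VALUES (1)")
        try:
            conn.execute("INSERT INTO t VALUES (-1)")
            abort_message = None
        except sqlite3.IntegrityError as e:  # SQLITE_CONSTRAINT from RAISE(ABORT)
            abort_message = str(e)
        count = conn.execute("SELECT count(*) FROM t").fetchone()[0]
        return count, abort_message
    finally:
        conn.close()


if __name__ == "__main__":
    print("sqlite", sqlite3.sqlite_version, "fixed build:", is_fixed_build())
    for sql, outcome in probe_all().items():
        print(outcome[0].ljust(9), sql, "->", outcome[1])
    print("inside trigger:", raise_inside_trigger())
```

Running this against a fixed build shows every top-level RAISE rejected with the trigger-program message, while the trigger variant aborts the offending insert with the caller's own message. The guard in is_fixed_build() is there because the only way a 3.26.0 build reports the reproducer is by dying; if you need to confirm the crash itself, do it in a sandboxed process under ASAN as the ClusterFuzz report does, not in an interpreter you are working in.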
Jan 12
ClusterFuzz has detected this issue as fixed in range 622191:622221.

Detailed report: https://clusterfuzz.com/testcase?key=4899767668441088
Fuzzer: libFuzzer_sqlite3_select_expr_lpm_fuzzer
Fuzz target binary: sqlite3_select_expr_lpm_fuzzer
Job Type: windows_libfuzzer_chrome_asan
Platform Id: windows
Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  sqlite3ExprCompare
  sqlite3ExprCodeAtInit
  sqlite3ExprCodeTemp
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=windows_libfuzzer_chrome_asan&range=615326:615355
Fixed: https://clusterfuzz.com/revisions?job=windows_libfuzzer_chrome_asan&range=622191:622221
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4899767668441088

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for instructions to reproduce this bug locally. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.