Misaligned-address in _ppdOpen
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5594516536688640

Project: chromeos
Fuzzer: libFuzzer_chromeos_cups_ppdopen_fuzzer
Fuzz target binary: cups_ppdopen_fuzzer
Job Type: libfuzzer_asan_chromeos
Platform Id: linux

Crash Type: Misaligned-address
Crash Address:
Crash State:
  _ppdOpen
  cups_ppdopen_fuzzer.cc

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_asan_chromeos&range=3186655:3189552

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5594516536688640

Issue filed automatically.

See https://chromium.googlesource.com/chromiumos/docs/+/master/fuzzing.md#Reproducing-crashes-from-ClusterFuzz for instructions to reproduce this bug locally.
Dec 20

Jan 3
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/cups/+/b9c57dbb3e6a7f4a54233979c0f2e9532c614655

commit b9c57dbb3e6a7f4a54233979c0f2e9532c614655
Author: Piotr Pawliczek <pawliczek@google.com>
Date: Thu Jan 03 23:04:34 2019

cups: Correct problem with misaligned address of _cups_sp_item_t struct

Strings registered with functions declared in cups/string.h were sometimes converted in-place to _cups_sp_item_t structures. This caused a problem with misaligned addresses of the temporary _cups_sp_item_t structures created this way. This patch introduced a couple of modifications to string.c; now all _cups_sp_item_t structures in use are created and filled in the proper way.

BUG=chromium:916203, chromium:916206, chromium:912219
TEST=Tested on nautilus with cros_fuzz

Change-Id: I17b6106a1794aaf0a5bd10f05f3c0dc17362b9de
Reviewed-on: https://chromium-review.googlesource.com/1390914
Commit-Ready: Piotr Pawliczek <pawliczek@chromium.org>
Tested-by: Piotr Pawliczek <pawliczek@chromium.org>
Reviewed-by: David Valleau <valleau@chromium.org>

[modify] https://crrev.com/b9c57dbb3e6a7f4a54233979c0f2e9532c614655/cups/string.c
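As an added illustration of the pattern the commit above describes (this is not CUPS code; the `pool_item_t` type and all function names are hypothetical stand-ins): reinterpreting a string that already lives inside a larger buffer as a struct yields a pointer whose alignment depends on where the string happened to start, which is exactly what ASan/UBSan reports as a misaligned address, whereas allocating the struct separately and copying the string into it keeps the alignment independent of the source buffer.

```c
#include <stdalign.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a string-pool item: a reference count followed
 * by the string bytes. Its alignment requirement is that of uint32_t. */
typedef struct {
    uint32_t ref_count;
    char     str[1];
} pool_item_t;

/* Returns 1 if p satisfies pool_item_t's alignment requirement, else 0.
 * This is the property the sanitizer checks on every access to *p. */
int item_is_aligned(const void *p)
{
    return ((uintptr_t)p % alignof(pool_item_t)) == 0;
}

/* Anti-pattern from the bug: treat a string sitting inside some buffer as if
 * it were already the str member of a pool_item_t. The result is aligned only
 * by accident, because the string may begin at any byte offset. */
pool_item_t *item_from_string_in_place(char *s)
{
    return (pool_item_t *)(s - offsetof(pool_item_t, str));
}

/* The fix: allocate a fresh item (malloc returns suitably aligned memory) and
 * copy the string into it, so alignment never depends on the source buffer. */
pool_item_t *item_create(const char *s)
{
    size_t len = strlen(s);
    pool_item_t *item = malloc(offsetof(pool_item_t, str) + len + 1);
    if (item == NULL)
        return NULL;
    item->ref_count = 1;
    memcpy(item->str, s, len + 1);
    return item;
}

/* Constructed demo: a buffer holding two NUL-terminated strings. The second
 * starts at byte offset 5, so reinterpreting it in place is misaligned.
 * Returns 1 when the misalignment is detected. */
int demo_second_string_is_misaligned(void)
{
    alignas(pool_item_t) static char buf[] = "abcd\0efgh";
    char *second = buf + 5;
    return !item_is_aligned(item_from_string_in_place(second));
}
```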
Jan 8
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/cups/+/ae250b727d57fc7e750c06ceab254eeea1511de6

commit ae250b727d57fc7e750c06ceab254eeea1511de6
Author: Piotr Pawliczek <pawliczek@google.com>
Date: Tue Jan 08 03:40:53 2019

cups: Correct problem with memory leak in PPD parser

A memory leak occurred when the parsed file contained more than one "Emulators" keyword. The problem was solved by concatenating the values from all occurrences of this keyword.

BUG=chromium:916206
TEST=Tested on nautilus with cros_fuzz

Change-Id: Iaa31e8668c3e15a27443f454b107a738cbb859cd
Reviewed-on: https://chromium-review.googlesource.com/1390916
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Piotr Pawliczek <pawliczek@chromium.org>
Reviewed-by: David Valleau <valleau@chromium.org>

[modify] https://crrev.com/ae250b727d57fc7e750c06ceab254eeea1511de6/cups/ppd.c
Jan 8
ClusterFuzz has detected this issue as fixed in range 3325986:3326712.

Detailed report: https://clusterfuzz.com/testcase?key=5594516536688640

Project: chromeos
Fuzzer: libFuzzer_chromeos_cups_ppdopen_fuzzer
Fuzz target binary: cups_ppdopen_fuzzer
Job Type: libfuzzer_asan_chromeos
Platform Id: linux

Crash Type: Misaligned-address
Crash Address:
Crash State:
  _ppdOpen
  cups_ppdopen_fuzzer.cc

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_asan_chromeos&range=3186655:3189552
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_asan_chromeos&range=3325986:3326712

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5594516536688640

See https://chromium.googlesource.com/chromiumos/docs/+/master/fuzzing.md#Reproducing-crashes-from-ClusterFuzz for instructions to reproduce this bug locally.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jan 8
ClusterFuzz testcase 5594516536688640 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Dec 18
Labels: ClusterFuzz-Auto-CC