Detailed report: https://clusterfuzz.com/testcase?key=5961646618705920 Fuzzer: libFuzzer_sqlite3_dbfuzz2_fuzzer Fuzz target binary: sqlite3_dbfuzz2_fuzzer Job Type: x86_libfuzzer_chrome_asan_debug Platform Id: linux Crash Type: Timeout (exceeds 25 secs) Crash Address: Crash State: sqlite3_dbfuzz2_fuzzer Sanitizer: address (ASAN) Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5961646618705920 Issue filed automatically. See https://github.com/google/clusterfuzz-tools for instructions to reproduce this bug locally.
Automatically adding ccs based on OWNERS file / target commit history. If this is incorrect, please add ClusterFuzz-Wrong label.
Unable to provide possible suspect using Predator, CL and Code Search. With reference to the Issue 914619 , CC'ing the mpdenton@ for further triage. Thank You...
Thanks. Dr. Hipp this is a fairly small test case that runs for >25 seconds, so I'm assuming this is an infinite loop. Can you take a look?
Should be fixed by check-in https://www.sqlite.org/src/info/f31b3bd2a6a8aa35
Thank you very much for the quick fix, Richard! I am backporting this.
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/846fd43e9412f97c0f0732807537fa3981c38ee3 commit 846fd43e9412f97c0f0732807537fa3981c38ee3 Author: Victor Costan <pwnall@chromium.org> Date: Tue Jan 22 21:15:35 2019 sqlite: Backport a fourth round of bugfixes. Bug: 914028 , 914614 , 917075, 917786, 921417 , 921684, 922399, 922844, 922849, 923196 , 923715 , 923743 , 923902 Change-Id: Id642f518153293afa8787b70692a97560dc4691b Reviewed-on: https://chromium-review.googlesource.com/c/1424164 Reviewed-by: Chris Mumford <cmumford@google.com> Commit-Queue: Victor Costan <pwnall@chromium.org> Auto-Submit: Victor Costan <pwnall@chromium.org> Cr-Commit-Position: refs/heads/master@{#624921} [modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/amalgamation/rename_exports.h [modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/amalgamation/sqlite3.c [modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/amalgamation/sqlite3.h [modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0001-Modify-default-VFS-to-support-WebDatabase.patch [modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0002-Virtual-table-supporting-recovery-of-corrupted-datab.patch [modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0003-Custom-shell.c-helpers-to-load-Chromium-s-ICU-data.patch [modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0004-fts3-Disable-fts3_tokenizer-and-fts4.patch [modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0005-fuchsia-Use-dot-file-locking-for-sqlite.patch [modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0006-Fix-dbfuzz2-for-Clusterfuzz.patch [modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0007-Fix-the-Makefile-so-that-it-honors-CFLAGS-when-build.patch [modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0008-Adjustments-to-the-page-cache-to-try-to-avoid-harmle.patch [modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0009-Remove-an-ALWAYS-from-a-branch-that-is-not-always-ta.patch [modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0010-Fix-a-problem-with-nested-CTEs-with-the-same-table.patch [modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0011-Fix-detection-of-self-referencing-rows-in-foreign-ke.patch [modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0012-Fix-a-segfault-caused-by-using-the-RAISE-function-in.patch [modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0013-Fix-for-an-assert-that-could-be-false.patch [modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0014-Fix-another-problem-found-by-Matthew-Denton-s-new-fu.patch [modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0015-Report-a-new-corruption-case.patch [modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0016-Avoid-a-buffer-overread-in-ptrmapPutOvflPtr.patch [modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0017-Improved-detection-of-cell-corruption-in-sqlite3Vdbe.patch [modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0018-Fix-a-segfault-in-fts3-prompted-by-a-corrupted-datab.patch [modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0019-Prevent-integer-overflow-from-leading-to-buffer-over.patch [modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0020-Add-extra-tests-for-database-corruption-inside-defra.patch [modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0021-Fix-an-off-by-one-error-on-a-Goto-in-the-code-genera.patch [modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0022-Fix-overread-on-corrupted-btree-key.patch [modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0023-Avoid-buffer-overreads-on-corrupted-database-files.patch [modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0024-Fix-integer-overflow-while-running-PRAGMA-integrity_.patch [modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0025-Improved-corruption-handling-while-balancing-pages.patch [modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0026-Avoid-reading-off-the-front-of-a-page-buffer-when-ba.patch [modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0027-Fix-MSAN-error-in-sqlite3VdbeRecordUnpack-on-a-corru.patch [modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0028-Fix-deleting-a-B-tree-entry-in-a-corrupt-database.patch [modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0029-Fix-sorting-results-with-SRT_EphemTab-and-a-LIMIT-cl.patch [modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0030-Fix-detection-of-orphaned-and-malformed-autoindexes.patch [add] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0031-Fix-potential-buffer-overread.patch [add] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0032-Fix-handling-negative-number-of-pages-database-field.patch [add] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0033-Fix-corner-case-in-inserting-null-into-integer-prima.patch [add] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0034-Fix-insert-infinite-recursion-on-some-corrupted-data.patch [add] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0035-Fix-null-pointer-dereference-in-sqlite3ExprCompare.patch [add] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0036-Fix-NEVER-that-is-sometimes-true.patch [add] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0037-Initialize-extra-bytes-allocated-for-saved-cursor-po.patch [add] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0038-Fix-leaks-caused-by-circular-references-in-vtable-sh.patch [add] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0039-Fix-overly-large-malloc-on-btree-corruption.patch [add] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0040-Fix-null-pointer-access-on-corrupted-index-key.patch [modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/src/ext/fts3/fts3_write.c [modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/src/ext/fts5/fts5_index.c [modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/src/ext/fts5/fts5_storage.c [modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/src/ext/rtree/rtree.c [modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/src/src/btree.c [modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/src/src/build.c [modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/src/src/expr.c [modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/src/src/insert.c [modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/src/src/pcache1.c [modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/src/src/prepare.c [modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/src/src/sqlite.h.in [modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/src/src/sqliteInt.h [modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/src/src/trigger.c [modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/src/src/vdbeaux.c
Comment 1 by ClusterFuzz
, Jan 14