Automatically applying components based on crash stacktrace and information from OWNERS files.
If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/0abd626ef136c39711131a2ad9947cb61d6b4b7f (sqlite: Backport a few more bug fixes.).
If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Removing security restrictions, because dbfuzz2 detects database corruption handling bugs, which can only be exploited by an attacker with local disk access.
This problem exists on master, but goes away with the pending backports. I expect that clusterfuzz will mark this as fixed once we land the backports.
Attached the test case and stack trace for completeness.
==1793336==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x7f7a980ff72b in sqlite3VdbeRecordUnpack third_party/sqlite/amalgamation/sqlite3.c:79648:9
#1 0x7f7a981163fc in btreeMoveto third_party/sqlite/amalgamation/sqlite3.c:63826:5
#2 0x7f7a9811600f in btreeRestoreCursorPosition third_party/sqlite/amalgamation/sqlite3.c:63858:8
#3 0x7f7a9811f0ec in btreeNext third_party/sqlite/amalgamation/sqlite3.c:68628:10
#4 0x7f7a980fe70d in sqlite3BtreeNext third_party/sqlite/amalgamation/sqlite3.c:0
#5 0x7f7a980cfbc7 in sqlite3VdbeExec third_party/sqlite/amalgamation/sqlite3.c:88333:8
#6 0x7f7a98014ccc in sqlite3Step third_party/sqlite/amalgamation/sqlite3.c:81445:10
#7 0x7f7a980013ee in sqlite3_step third_party/sqlite/amalgamation/sqlite3.c:81508:16
#8 0x7f7a98027021 in sqlite3_exec third_party/sqlite/amalgamation/sqlite3.c:118093:12
#9 0x55ab529dfc69 in LLVMFuzzerTestOneInput third_party/sqlite/src/test/dbfuzz2.c:95:5
Uninitialized value was created by a heap allocation
#0 0x55ab52990bad in __interceptor_malloc third_party/llvm/compiler-rt/lib/msan/msan_interceptors.cc:912:3
#1 0x7f7a982e8f80 in sqlite3MemMalloc third_party/sqlite/amalgamation/sqlite3.c:22762:7
#2 0x7f7a98048a2f in mallocWithAlarm third_party/sqlite/amalgamation/sqlite3.c:26604:7
#3 0x7f7a97febcb8 in sqlite3Malloc third_party/sqlite/amalgamation/sqlite3.c:26634:5
#4 0x7f7a980aa14c in saveCursorKey third_party/sqlite/amalgamation/sqlite3.c:63688:12
#5 0x7f7a980a9bbd in saveCursorPosition third_party/sqlite/amalgamation/sqlite3.c:63724:8
#6 0x7f7a980a987a in saveCursorsOnList third_party/sqlite/amalgamation/sqlite3.c:63783:18
#7 0x7f7a980a8526 in saveAllCursors third_party/sqlite/amalgamation/sqlite3.c:63765:18
#8 0x7f7a980fff67 in sqlite3BtreeInsert third_party/sqlite/amalgamation/sqlite3.c:71402:10
#9 0x7f7a980dcff3 in sqlite3VdbeExec third_party/sqlite/amalgamation/sqlite3.c:88410:10
#10 0x7f7a98014ccc in sqlite3Step third_party/sqlite/amalgamation/sqlite3.c:81445:10
#11 0x7f7a980013ee in sqlite3_step third_party/sqlite/amalgamation/sqlite3.c:81508:16
#12 0x7f7a98027021 in sqlite3_exec third_party/sqlite/amalgamation/sqlite3.c:118093:12
#13 0x55ab529dfc69 in LLVMFuzzerTestOneInput third_party/sqlite/src/test/dbfuzz2.c:95:5
Richard and Dan, can you please take a look at this?
dbfuzz2 test case and stack trace above. My previous comment is wrong, the crash still reproduces with our pending backports.
ClusterFuzz testcase 6275221577400320 is verified as fixed, so closing issue as verified.
If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Jan 20
Labels: Test-Predator-Auto-Components