-
Notifications
You must be signed in to change notification settings - Fork 8
/
Copy path10140.json
132 lines (132 loc) · 7.69 KB
/
10140.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
{
"fix": "https://boringssl.googlesource.com/boringssl/+/371305f58ac47a98d32f30a9edc6fafa72e842be%5E%21/",
"verify": "0",
"localId": 10140,
"project": "boringssl",
"fuzzer": "libfuzzer",
"sanitizer": "msan",
"crash_type": "Use-of-uninitialized-value",
"severity": "Medium",
"report": {
"comments": [
{
"projectName": "oss-fuzz",
"localId": 10140,
"commenter": {
"userId": "382749006",
"displayName": "ClusterFuzz-External"
},
"timestamp": 1535702196,
"content": "Detailed report: https://oss-fuzz.com/testcase?key=5632355033677824\n\nProject: boringssl\nFuzzer: libFuzzer_boringssl_read_pem\nFuzz target binary: read_pem\nJob Type: libfuzzer_msan_boringssl\nPlatform Id: linux\n\nCrash Type: Use-of-uninitialized-value\nCrash Address: \nCrash State:\n PEM_read_bio\n read_pem.cc\n PEM_read_bio\n \nSanitizer: memory (MSAN)\n\nRecommended Security Severity: Medium\n\nRegressed: https://oss-fuzz.com/revisions?job=libfuzzer_msan_boringssl&range=201808300117:201808310118\n\nReproducer Testcase: https://oss-fuzz.com/download?testcase_id=5632355033677824\n\nIssue filed automatically.\n\nSee https://github.com/google/oss-fuzz/blob/master/docs/reproducing.md for more information.\n\nThis bug is subject to a 90 day disclosure deadline. If 90 days elapse\nwithout an upstream patch, then the bug report will automatically\nbecome visible to the public.\n\nWhen you fix this bug, please\n * mention the fix revision(s).\n * state whether the bug was a short-lived regression or an old bug in any stable releases.\n * add any other useful information.\nThis information can help downstream consumers.\n\nIf you need to contact the OSS-Fuzz team with a question, concern, or any other feedback, please file an issue at https://github.com/google/oss-fuzz/issues.",
"descriptionNum": 1
},
{
"projectName": "oss-fuzz",
"localId": 10140,
"sequenceNum": 1,
"commenter": {
"userId": "382749006",
"displayName": "ClusterFuzz-External"
},
"timestamp": 1535702491,
"amendments": [
{
"fieldName": "Labels",
"newOrDeltaValue": "OS-Linux"
}
]
},
{
"projectName": "oss-fuzz",
"localId": 10140,
"sequenceNum": 2,
"commenter": {
"userId": "2721205736",
"displayName": "[email protected]"
},
"timestamp": 1535731443,
"content": "I think this is nonsense. I can only repo when I download the build from clusterfuzz and it's complaining about uninit data in |buf|. However, |buf| contains \"\\n\\x00\" and it's getting passed to strncmp. However, when I look at the machine code:\r\n\r\n 0x000000000059b652 <+1218>: mov $0x8a1846,%esi\r\n 0x000000000059b657 <+1223>: mov $0xb,%edx\r\n 0x000000000059b65c <+1228>: lea -0x230(%rbp),%rdi\r\n=> 0x000000000059b663 <+1235>: callq 0x487c30 <__interceptor_memcmp(void const*, void const*, __sanitizer::uptr)>\r\n\r\nSo strncmp has been compiled into a call to __interceptor_memcmp, which is incorrect. So Clusterfuzz bug?"
},
{
"projectName": "oss-fuzz",
"localId": 10140,
"sequenceNum": 3,
"commenter": {
"userId": "2721205736",
"displayName": "[email protected]"
},
"timestamp": 1536336726,
"content": "https://github.com/google/oss-fuzz/issues/1802"
},
{
"projectName": "oss-fuzz",
"localId": 10140,
"sequenceNum": 4,
"commenter": {
"userId": "382749006",
"displayName": "ClusterFuzz-External"
},
"timestamp": 1536887732,
"content": "This crash occurs very frequently on linux platform and is likely preventing the fuzzer read_pem from making much progress. Fixing this will allow more bugs to be found.\n\nIf this is incorrect, please file a bug on https://github.com/google/oss-fuzz/issues/new",
"amendments": [
{
"fieldName": "Labels",
"newOrDeltaValue": "Fuzz-Blocker"
}
]
},
{
"projectName": "oss-fuzz",
"localId": 10140,
"sequenceNum": 5,
"commenter": {
"userId": "382749006",
"displayName": "ClusterFuzz-External"
},
"timestamp": 1537403871,
"content": "ClusterFuzz has detected this issue as fixed in range 201809040117:201809192041.\n\nDetailed report: https://oss-fuzz.com/testcase?key=5632355033677824\n\nProject: boringssl\nFuzzer: libFuzzer_boringssl_read_pem\nFuzz target binary: read_pem\nJob Type: libfuzzer_msan_boringssl\nPlatform Id: linux\n\nCrash Type: Use-of-uninitialized-value\nCrash Address: \nCrash State:\n PEM_read_bio\n read_pem.cc\n PEM_read_bio\n \nSanitizer: memory (MSAN)\n\nRecommended Security Severity: Medium\n\nRegressed: https://oss-fuzz.com/revisions?job=libfuzzer_msan_boringssl&range=201808300117:201808310118\nFixed: https://oss-fuzz.com/revisions?job=libfuzzer_msan_boringssl&range=201809040117:201809192041\n\nReproducer Testcase: https://oss-fuzz.com/download?testcase_id=5632355033677824\n\nSee https://github.com/google/oss-fuzz/blob/master/docs/reproducing.md for more information.\n\nIf you suspect that the result above is incorrect, try re-doing that job on the test case report page."
},
{
"projectName": "oss-fuzz",
"localId": 10140,
"sequenceNum": 6,
"commenter": {
"userId": "382749006",
"displayName": "ClusterFuzz-External"
},
"timestamp": 1537404782,
"content": "ClusterFuzz testcase 5632355033677824 is verified as fixed, so closing issue as verified.\n\nIf this is incorrect, please file a bug on https://github.com/google/oss-fuzz/issues/new",
"amendments": [
{
"fieldName": "Status",
"newOrDeltaValue": "Verified",
"oldValue": "New"
},
{
"fieldName": "Labels",
"newOrDeltaValue": "ClusterFuzz-Verified"
}
]
},
{
"projectName": "oss-fuzz",
"localId": 10140,
"sequenceNum": 7,
"commenter": {
"userId": "4164592774",
"displayName": "[email protected]"
},
"timestamp": 1540049057,
"content": "This bug has been fixed for 30 days. It has been opened to the public.\n\n- Your friendly Sheriffbot",
"amendments": [
{
"fieldName": "Labels",
"newOrDeltaValue": "-restrict-view-commit"
}
]
}
]
},
"fix_commit": "371305f58ac47a98d32f30a9edc6fafa72e842be",
"repo_addr": "https://boringssl.googlesource.com/boringssl"
}