-
Notifications
You must be signed in to change notification settings - Fork 10
/
Copy path10129.json
132 lines (132 loc) · 7.28 KB
/
10129.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
{
"fix": "https://boringssl.googlesource.com/boringssl/+/371305f58ac47a98d32f30a9edc6fafa72e842be%5E%21/",
"verify": "0",
"localId": 10129,
"project": "boringssl",
"fuzzer": "libfuzzer",
"sanitizer": "msan",
"crash_type": "Use-of-uninitialized-value",
"severity": "Medium",
"report": {
"comments": [
{
"projectName": "oss-fuzz",
"localId": 10129,
"commenter": {
"userId": "382749006",
"displayName": "ClusterFuzz-External"
},
"timestamp": 1535692868,
"content": "Detailed report: https://oss-fuzz.com/testcase?key=5714757638684672\n\nProject: boringssl\nFuzzer: libFuzzer_boringssl_ssl_ctx_api\nFuzz target binary: ssl_ctx_api\nJob Type: libfuzzer_msan_boringssl\nPlatform Id: linux\n\nCrash Type: Use-of-uninitialized-value\nCrash Address: \nCrash State:\n parse_sigalgs_list\n SSL_CTX_set1_sigalgs_list\n ssl_ctx_api.cc::$_45::operator\n \nSanitizer: memory (MSAN)\n\nRecommended Security Severity: Medium\n\nRegressed: https://oss-fuzz.com/revisions?job=libfuzzer_msan_boringssl&range=201808300117:201808310118\n\nReproducer Testcase: https://oss-fuzz.com/download?testcase_id=5714757638684672\n\nIssue filed automatically.\n\nSee https://github.com/google/oss-fuzz/blob/master/docs/reproducing.md for more information.\n\nThis bug is subject to a 90 day disclosure deadline. If 90 days elapse\nwithout an upstream patch, then the bug report will automatically\nbecome visible to the public.\n\nWhen you fix this bug, please\n * mention the fix revision(s).\n * state whether the bug was a short-lived regression or an old bug in any stable releases.\n * add any other useful information.\nThis information can help downstream consumers.\n\nIf you need to contact the OSS-Fuzz team with a question, concern, or any other feedback, please file an issue at https://github.com/google/oss-fuzz/issues.",
"descriptionNum": 1
},
{
"projectName": "oss-fuzz",
"localId": 10129,
"sequenceNum": 1,
"commenter": {
"userId": "382749006",
"displayName": "ClusterFuzz-External"
},
"timestamp": 1535693355,
"amendments": [
{
"fieldName": "Labels",
"newOrDeltaValue": "OS-Linux"
}
]
},
{
"projectName": "oss-fuzz",
"localId": 10129,
"sequenceNum": 2,
"commenter": {
"userId": "1396994164",
"displayName": "davidben@google.com"
},
"timestamp": 1535750046,
"content": "This looks similar to issue #10140. Here a strcmp is turning into a memcmp. (Though I do suspect that parser could be made a little simpler...)"
},
{
"projectName": "oss-fuzz",
"localId": 10129,
"sequenceNum": 3,
"commenter": {
"userId": "382749006",
"displayName": "ClusterFuzz-External"
},
"timestamp": 1536283163,
"content": "This crash occurs very frequently on linux platform and is likely preventing the fuzzer ssl_ctx_api from making much progress. Fixing this will allow more bugs to be found.\n\nIf this is incorrect, please file a bug on https://github.com/google/oss-fuzz/issues/new",
"amendments": [
{
"fieldName": "Labels",
"newOrDeltaValue": "Fuzz-Blocker"
}
]
},
{
"projectName": "oss-fuzz",
"localId": 10129,
"sequenceNum": 4,
"commenter": {
"userId": "2721205736",
"displayName": "agl@google.com"
},
"timestamp": 1536336723,
"content": "https://github.com/google/oss-fuzz/issues/1802"
},
{
"projectName": "oss-fuzz",
"localId": 10129,
"sequenceNum": 5,
"commenter": {
"userId": "382749006",
"displayName": "ClusterFuzz-External"
},
"timestamp": 1537403882,
"content": "ClusterFuzz has detected this issue as fixed in range 201809040117:201809192041.\n\nDetailed report: https://oss-fuzz.com/testcase?key=5714757638684672\n\nProject: boringssl\nFuzzer: libFuzzer_boringssl_ssl_ctx_api\nFuzz target binary: ssl_ctx_api\nJob Type: libfuzzer_msan_boringssl\nPlatform Id: linux\n\nCrash Type: Use-of-uninitialized-value\nCrash Address: \nCrash State:\n parse_sigalgs_list\n SSL_CTX_set1_sigalgs_list\n ssl_ctx_api.cc::$_45::operator\n \nSanitizer: memory (MSAN)\n\nRecommended Security Severity: Medium\n\nRegressed: https://oss-fuzz.com/revisions?job=libfuzzer_msan_boringssl&range=201808300117:201808310118\nFixed: https://oss-fuzz.com/revisions?job=libfuzzer_msan_boringssl&range=201809040117:201809192041\n\nReproducer Testcase: https://oss-fuzz.com/download?testcase_id=5714757638684672\n\nSee https://github.com/google/oss-fuzz/blob/master/docs/reproducing.md for more information.\n\nIf you suspect that the result above is incorrect, try re-doing that job on the test case report page."
},
{
"projectName": "oss-fuzz",
"localId": 10129,
"sequenceNum": 6,
"commenter": {
"userId": "382749006",
"displayName": "ClusterFuzz-External"
},
"timestamp": 1537404940,
"content": "ClusterFuzz testcase 5714757638684672 is verified as fixed, so closing issue as verified.\n\nIf this is incorrect, please file a bug on https://github.com/google/oss-fuzz/issues/new",
"amendments": [
{
"fieldName": "Status",
"newOrDeltaValue": "Verified",
"oldValue": "New"
},
{
"fieldName": "Labels",
"newOrDeltaValue": "ClusterFuzz-Verified"
}
]
},
{
"projectName": "oss-fuzz",
"localId": 10129,
"sequenceNum": 7,
"commenter": {
"userId": "4164592774",
"displayName": "sheriffbot@chromium.org"
},
"timestamp": 1540049048,
"content": "This bug has been fixed for 30 days. It has been opened to the public.\n\n- Your friendly Sheriffbot",
"amendments": [
{
"fieldName": "Labels",
"newOrDeltaValue": "-restrict-view-commit"
}
]
}
]
},
"fix_commit": "371305f58ac47a98d32f30a9edc6fafa72e842be",
"repo_addr": "https://boringssl.googlesource.com/boringssl"
}