Open Bug 1268718 Opened 9 years ago Updated 3 years ago

Asan reports don't include the sample causing the actual problem

Categories

(Core :: Fuzzing, defect)

People

(Reporter: jya, Unassigned)

I reported the issue in bug 1267711 but thought this deserved its own bug. All the ASAN reports I've seen lately are rather useless because they do not include the fuzzed content that was used to cause the issue to occur in the first place. It has the backtrace, but often this is not sufficient to properly determine the cause of the problem; it only shows the consequences. A typical ASAN bug includes a zip file with the media supposed to have caused the problem. But so far, all the zip attachments I've seen only include the original content, pre-fuzzed. It's always the exact same file as found there: https://github.com/MozillaSecurity/fuzzdata/tree/master/samples The attachment provided by those reports should include the actual samples used to cause the crash; this is the fuzzed file, not the original unfuzzed file.
Blocks: 1266260
Blocks: 1266261
Blocks: 1267711
Is anyone going to look at this? We have a few bugs marked as security, and none of them can be resolved because of this.
It looks like the ASan reports you are talking about are from Christoph's fuzzing, so I'll needinfo him.
Flags: needinfo?(cdiehl)
I'm determining the exact cause for this. It can happen that raw test-cases are used in the fuzzer; this can also happen more often than usual. In this case here, I believe that at some stage a test-case triggered some fault in the Firefox process but the process did not crash immediately and the fuzzer continued to send test-cases to Firefox. Once the Firefox process finally crashed, the ASan trace then triggered the fuzzer to generate a report of the crash with the last used test-case. The only thing which comes to my mind right now is to increase the interval of sending test-cases to Firefox. https://bugzilla.mozilla.org/show_bug.cgi?id=1267711 has a new zip attached which included a different test-case. Did this one work for you?
Flags: needinfo?(cdiehl)
Severity: normal → S3
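
The failure mode described in the comments above (a fault that only crashes the process a few test-cases later, so the report carries the last test-case sent, here an unfuzzed seed) can be reproduced in a small simulation. This is an added example, not code from the fuzzer discussed in this bug; `SimulatedTarget`, its two-input delay, the `0xFFFF` trigger, the sample bytes, and the replay-in-a-fresh-process triage step are all constructed assumptions.

```python
import hashlib
from collections import deque

SEED = b"RIFF\x24\x00\x00\x00WAVEfmt "   # constructed stand-in for an unfuzzed corpus file
SEED_HASHES = {hashlib.sha256(SEED).hexdigest()}

class SimulatedTarget:
    """Constructed model of the process under test: an input containing
    0xFFFF corrupts state, but the crash surfaces `delay` inputs later."""
    def __init__(self, delay=2):
        self.delay, self.countdown = delay, None

    def feed(self, data):
        """Handle one test-case; return True if the process crashes now."""
        if self.countdown is None:
            if b"\xff\xff" in data:
                self.countdown = self.delay   # latent fault, no crash yet
            return False
        self.countdown -= 1
        return self.countdown <= 0

    def idle(self, ticks):
        """Wait without sending input so that a latent fault can surface."""
        return self.countdown is not None and self.countdown <= ticks

def is_unfuzzed(sample):
    """True if the sample about to be attached is byte-identical to a seed."""
    return hashlib.sha256(sample).hexdigest() in SEED_HASHES

def crashes_alone(case, settle):
    """Replay one test-case in a fresh target and wait before judging it."""
    target = SimulatedTarget()
    return target.feed(case) or target.idle(settle)

def run_campaign(cases, window=4, settle=5):
    """Return (last test-case sent before the crash, cases that crash alone)."""
    recent, target = deque(maxlen=window), SimulatedTarget()
    for case in cases:
        recent.append(case)
        if target.feed(case):
            return case, [c for c in recent if crashes_alone(c, settle)]
    return None, []

# Constructed run: the third case is fuzzed, the fifth is a raw seed.
CASES = [SEED[:8] + b"AAAA", SEED[:8] + b"BBBB", SEED[:8] + b"\xff\xffCC",
         SEED[:8] + b"DDDD", SEED]

if __name__ == "__main__":
    last_sent, culprits = run_campaign(CASES)
    print("last sent is an unfuzzed seed:", is_unfuzzed(last_sent))
    print("crashing sample(s) found by replay:", culprits)
```

A report generator that runs a check like `is_unfuzzed` before attaching a sample would flag exactly the attachments described in the first comment.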