Closed Bug 1806104 Opened 2 years ago Closed 2 years ago

Hit MOZ_CRASH(Unused) at netwerk/base/FuzzySecurityInfo.cpp:22

Categories: Core :: Networking: HTTP, defect
Platform: x86_64 Linux

Tracking: RESOLVED FIXED, 110 Branch
Tracking Status:
firefox-esr102 --- unaffected
firefox108 --- unaffected
firefox109 --- unaffected
firefox110 --- fixed

People: Reporter: decoder, Assigned: decoder
References: Regression
Details: 4 keywords, Whiteboard: [post-critsmash-triage][adv-main110-]
Attachments: 3 files

The attached testcase crashes on mozilla-central revision 20221216-ef0d179e0aeb (fuzzing build).

For detailed crash information, see attachment.

To reproduce the issue, perform the following steps:

1. Download the attached testcase, save as "test.bin".
2a. Build with --enable-fuzzing (requires Clang and ASan; also build gtests using ./mach gtest dontruntests).
2b. Alternatively, you can download builds from TC using python -mfuzzfetch -a --fuzzing --target firefox gtest (see https://github.com/MozillaSecurity/fuzzfetch).
2. Run FUZZER=NetworkHttp2 objdir/dist/bin/firefox test.bin

I'm marking this s-s not because this is a sec bug per se but because it blocks us from resuming the HTTP2 fuzzing that was down for a month. We can unhide this once the fuzzing is back up.

I also have a simple patch for this, coming up.

Attached file Testcase
Assignee: nobody → choller
Status: NEW → ASSIGNED
Keywords: sec-other
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → 110 Branch
Flags: qe-verify-
Whiteboard: [post-critsmash-triage]
Whiteboard: [post-critsmash-triage] → [post-critsmash-triage][adv-main110-]
Group: core-security-release
Keywords: regression