css_parser_fuzzer_CssParser_ParseSheetFuzzer_fuzzer: Abrt in blink::CSSTokenizer::TokenizeSingle [399698541]

Assigned

Bug

Reproducible

ClusterFuzz

Stability-Memory-AddressSanitizer

Stability-AFL

Stability-Crash

Test-Predator-Auto-Components

Test-Predator-Auto-Owner

Status Update

No update yet.

Description

24...@project.gserviceaccount.com

created issue #1

Feb 28, 2025 07:06PM

Detailed Report:

https://clusterfuzz.com/testcase?key=4695513760727040

Fuzzing Engine: centipede
Fuzz Target: css_parser_fuzzer_CssParser_ParseSheetFuzzer_fuzzer
Job Type: centipede_chrome_asan
Platform Id: linux

Crash Type: Abrt
Crash Address: 0x0539000203cd
Crash State:
blink::CSSTokenizer::TokenizeSingle
blink::ConsumeUntilCommaAndFindNestingType
blink::ConsumeUntilCommaAndFindNestingType

Sanitizer: address (ASAN)

Regressed:

https://clusterfuzz.com/revisions?job=centipede_chrome_asan&range=1381722:1381736

Reproducer Testcase:

https://clusterfuzz.com/download?testcase_id=4695513760727040

Issue filed automatically.

See

https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for instructions on reproducing this bug locally.

Comments

24...@project.gserviceaccount.com <24...@project.gserviceaccount.com> #2Feb 28, 2025 07:08PM

Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the hotlistid:4801165.

24...@project.gserviceaccount.com <24...@project.gserviceaccount.com> #3Feb 28, 2025 07:08PM

Assigned to pa...@chromium.org.

Automatically assigning owner based on suspected regression changelist

https://chromium.googlesource.com/chromium/src/+/592b0172dd10b4ac8f1e2c21fc755713492360a7 (fuzzer: add a CSS parser fuzzer

FuzzTest is supposed to have nice mutators, and potentially find out the
correct structure for what's expected in the string.

Change-Id: Ide7f08e65a837291f3d3f2fc7a05626698ba11ea
Reviewed-on:

https://chromium-review.googlesource.com/c/chromium/src/+/6003159
Reviewed-by: Rune Lillesveen <futhark@chromium.org>
Commit-Queue: Paul Semel <paulsemel@chromium.org>
Reviewed-by: Adrian Taylor <adetaylor@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1381727}
).

If this is incorrect, please let us know why and apply the hotlistid:5433122. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.

IssueTracker

This issue is a part of the Chromium tracker.