<html>
<body>
<script type="application/ld+json">
{
"@context": "http://schema.org",
"@type": "EmailMessage",
"potentialAction": {
"@type": "ViewAction",
"name": "View Issue",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27942"
},
"description": ""
}
</script>
<div style="font-family: arial, sans-serif; white-space:pre">Status: New<br/>Owner: ----<br/>CC: <a href="mailto:kcc@google.com">kcc@google.com</a>, <a href="mailto:mascasa@google.com">mascasa@google.com</a>, jdevl...@<a href="http://apple.com">apple.com</a>, igm...@<a href="http://gmail.com">gmail.com</a>, <a href="mailto:davg@google.com">davg@google.com</a>, <a href="mailto:mitchp@google.com">mitchp@google.com</a>, bigch...@<a href="http://gmail.com">gmail.com</a>, <a href="mailto:eneyman@google.com">eneyman@google.com</a>, llvm-...@<a href="http://lists.llvm.org">lists.llvm.org</a>, <a href="mailto:jfb@chromium.org">jfb@chromium.org</a>, v...@<a href="http://apple.com">apple.com</a>, mitch...@<a href="http://outlook.com">outlook.com</a>, xpl...@<a href="http://gmail.com">gmail.com</a>, akils...@<a href="http://apple.com">apple.com</a> <br/>Labels: ClusterFuzz Stability-Memory-AddressSanitizer Reproducible Engine-libfuzzer OS-Linux Proj-llvm Security_Severity-High Reported-2020-11-27<br/>Type: Bug-Security<br/><br/>New issue 27942 by ClusterFuzz-External: llvm:llvm-opt-fuzzer--x86_64-guard_widening: Heap-use-after-free in llvm::Value::setValueName<br/><a href="https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27942">https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27942</a><br/><br/>Detailed Report: <a href="https://oss-fuzz.com/testcase?key=5720028133195776">https://oss-fuzz.com/testcase?key=5720028133195776</a><br/><br/>Project: llvm<br/>Fuzzing Engine: libFuzzer<br/>Fuzz Target: llvm-opt-fuzzer--x86_64-guard_widening<br/>Job Type: libfuzzer_asan_llvm<br/>Platform Id: linux<br/><br/>Crash Type: Heap-use-after-free READ 8<br/>Crash Address: 0x6210000094b0<br/>Crash State:<br/> llvm::Value::setValueName<br/> llvm::LLVMContextImpl::~LLVMContextImpl<br/> llvm::LLVMContext::~LLVMContext<br/> <br/>Sanitizer: address (ASAN)<br/><br/>Recommended Security Severity: High<br/><br/>Regressed: <a href="https://oss-fuzz.com/revisions?job=libfuzzer_asan_llvm&range=202011250612:202011260600">https://oss-fuzz.com/revisions?job=libfuzzer_asan_llvm&range=202011250612:202011260600</a><br/><br/>Reproducer Testcase: <a href="https://oss-fuzz.com/download?testcase_id=5720028133195776">https://oss-fuzz.com/download?testcase_id=5720028133195776</a><br/><br/>Issue filed automatically.<br/><br/>See <a href="https://google.github.io/oss-fuzz/advanced-topics/reproducing">https://google.github.io/oss-fuzz/advanced-topics/reproducing</a> for instructions to reproduce this bug locally.<br/>When you fix this bug, please<br/> * mention the fix revision(s).<br/> * state whether the bug was a short-lived regression or an old bug in any stable releases.<br/> * add any other useful information.<br/>This information can help downstream consumers.<br/><br/>If you need to contact the OSS-Fuzz team with a question, concern, or any other feedback, please file an issue at <a href="https://github.com/google/oss-fuzz/issues">https://github.com/google/oss-fuzz/issues</a>. Comments on individual Monorail issues are not monitored.<br/><br/>-- <br/>You received this message because:<br/> 1. You were specifically CC'd on the issue<br/><br/>You may adjust your notification preferences at:<br/><a href="https://bugs.chromium.org/hosting/settings">https://bugs.chromium.org/hosting/settings</a><br/><br/>Reply to this email to add a comment.</div>
</body>
</html>