From 9ff5089dbb11800055b6bc1af919a84b06dee2c8 Mon Sep 17 00:00:00 2001
From: manunio
Date: Mon, 27 Apr 2026 19:21:58 +0530
Subject: [PATCH 1/2] cifuzz: handle empty frames in get_error_frame to prevent IndexError (#15352)
This bug was caused by cifuzz action: https://github.com/Kludex/python-multipart/actions/runs/24344710532/job/71082324098 When the following pr was merged: https://github.com/Kludex/python-multipart/pull/264
---
 infra/cifuzz/sarif_utils.py | 3 ++-
 infra/cifuzz/sarif_utils_test.py | 11 +++++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/infra/cifuzz/sarif_utils.py b/infra/cifuzz/sarif_utils.py
index 6bf2dd7e2da1..3cfd7cc4dac9 100644
--- a/infra/cifuzz/sarif_utils.py
+++ b/infra/cifuzz/sarif_utils.py
@@ -163,7 +163,8 @@ def get_error_frame(crash_info):
 return None
 state = crash_info.crash_state.split('\n')[0]
 logging.info('state: %s frames %s, %s', state, crash_info.frames,
- [f.function_name for f in crash_info.frames[0]])
+ [f.function_name for f in crash_info.frames[0]]
+ if crash_info.frames else [])
 for crash_frames in crash_info.frames:
 for frame in crash_frames:
diff --git a/infra/cifuzz/sarif_utils_test.py b/infra/cifuzz/sarif_utils_test.py
index e8870887c071..44481b569a78 100644
--- a/infra/cifuzz/sarif_utils_test.py
+++ b/infra/cifuzz/sarif_utils_test.py
@@ -105,6 +105,17 @@ def _get_mock_crash_info():
 return crash_info
+class GetErrorFrameTest(unittest.TestCase):
+ """Tests for get_error_frame."""
+
+ def test_empty_frames_does_not_raise(self):
+ """Tests that get_error_frame doesn't raise IndexError when frames is empty."""
+ crash_info = mock.MagicMock()
+ crash_info.frames = []
+ crash_info.crash_state = 'some_func\nsome_func1'
+ self.assertIsNone(sarif_utils.get_error_frame(crash_info))
+
+
 class GetErrorSourceInfoTest(unittest.TestCase):
 """Tests for get_error_source_info."""
From 92fbbf11549dcf853c2c8b8dd2b8d1d6b9bf929b Mon Sep 17 00:00:00 2001
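Review bot: The empty-`frames` case is handled only inside the argument list of `logging.info`, so a crash whose stack could not be parsed is logged at info level like any other and then falls through both loops. The added test pins the result as `None`; since this module builds the SARIF output, such a crash presumably ends up without a source location, which is worth surfacing in the CI log. A guard ahead of the log call would make that explicit and take the conditional out of the argument: `if not crash_info.frames:` followed by `logging.warning('No stack frames for crash state: %s', state)` and `return None`. get_error_frame starts and ends outside this hunk, so the existing early `return None` and the loop bodies were not checked.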
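Review bot: The new test in sarif_utils_test.py covers `frames = []` only, while the patched expression still indexes `crash_info.frames[0]` whenever the outer list is non-empty. A second case with `crash_info.frames = [[]]` (one stack holding no frames) and the same `assertIsNone` would pin that neighbouring boundary. Whether the stack parser can produce such a value is not visible here, so treat it as a cheap regression guard rather than a known failure.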
From: Jakub Zelenka
Date: Mon, 27 Apr 2026 16:12:17 +0200
Subject: [PATCH 2/2] Add me to the PHP project.yaml (#15420)
I'm a core developer and member of the PHP security team.
---
 projects/php/project.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/projects/php/project.yaml b/projects/php/project.yaml
index ac74fe5ec52f..823558d21d70 100644
--- a/projects/php/project.yaml
+++ b/projects/php/project.yaml
@@ -7,6 +7,7 @@ auto_ccs:
 - "dmitrystogov@gmail.com"
 - "tovilo.ilija@gmail.com"
 - "github@derickrethans.nl"
+ - "jakub.php@gmail.com"
 fuzzing_engines:
 - "afl"
 - "honggfuzz"
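Review bot: An `auto_ccs` entry is an access grant rather than a metadata tweak: as far as I know, addresses listed there are CC'd on the project's fuzzing bug reports, including ones that are not yet public. Nothing in the patch itself ties `jakub.php@gmail.com` to the PHP project, so an approval from one of the contacts already listed in this file should be on record before merge. No change to the added line is proposed.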