Issue metadata
Sign in to add a comment
|
Heap-buffer-overflow in Read |
||||||||||||||||||||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=6689341115465728 Fuzzer: libfuzzer_convert_woff2ttf_fuzzer Job Type: libfuzzer_chrome_asan Platform Id: linux Crash Type: Heap-buffer-overflow WRITE {*} Crash Address: 0x62e000022836 Crash State: Read ReconstructGlyf ReconstructFont Recommended Security Severity: High Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=390845:390847 Minimized Testcase (62.30 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97dSZqg-HWpBDcoaMTB6mRlchOzC1uhVb0rna2PzcdgP4PAczjvBF3UtYZ3GOQ_ufcQssSUs0HYDaIkvDiWkyq6hhtiNwBFQRrASkiRLBmhZb5I4LalaVDEQemXC8JMOoznz9Ptk_bwy_z4PAfXVefXAIC2Z8mY1op6KHh5IvCpJn5Wq34 Filer: mmoroz See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
,
May 4 2016
,
May 4 2016
,
May 4 2016
,
May 4 2016
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
May 4 2016
,
May 4 2016
I don't seem to be able to access the minimized testcase. Is there a way I could gain access to that?
,
May 8 2016
Looks like this has been fixed upstream: https://github.com/google/woff2/commit/a15a8ab
,
May 10 2016
Thanks, I'm rolling the fixed revision.
,
May 10 2016
+ksakamoto@ for review.
,
May 10 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/d6fdbb084660f06781c6932cc44b09aca20dfa29 commit d6fdbb084660f06781c6932cc44b09aca20dfa29 Author: toyoshim <toyoshim@chromium.org> Date: Tue May 10 06:22:56 2016 Update woff2 to a15a8ab BUG= 609042 , 609524 Review-Url: https://codereview.chromium.org/1959303002 Cr-Commit-Position: refs/heads/master@{#392555} [modify] https://crrev.com/d6fdbb084660f06781c6932cc44b09aca20dfa29/third_party/woff2/README.chromium [modify] https://crrev.com/d6fdbb084660f06781c6932cc44b09aca20dfa29/third_party/woff2/src/woff2_dec.cc [modify] https://crrev.com/d6fdbb084660f06781c6932cc44b09aca20dfa29/third_party/woff2/src/woff2_enc.cc
,
May 10 2016
kicked 'Redo' with 'Fixed'
,
May 11 2016
ClusterFuzz has detected this issue as fixed in range 392544:392562. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6689341115465728 Fuzzer: libfuzzer_convert_woff2ttf_fuzzer Job Type: libfuzzer_chrome_asan Platform Id: linux Crash Type: Heap-buffer-overflow WRITE {*} Crash Address: 0x62e000022836 Crash State: Read ReconstructGlyf ReconstructFont Recommended Security Severity: High Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=390845:390847 Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=392544:392562 Minimized Testcase (62.30 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97dSZqg-HWpBDcoaMTB6mRlchOzC1uhVb0rna2PzcdgP4PAczjvBF3UtYZ3GOQ_ufcQssSUs0HYDaIkvDiWkyq6hhtiNwBFQRrASkiRLBmhZb5I4LalaVDEQemXC8JMOoznz9Ptk_bwy_z4PAfXVefXAIC2Z8mY1op6KHh5IvCpJn5Wq34 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
May 11 2016
,
May 11 2016
,
May 11 2016
,
May 11 2016
,
Jul 27 2016
,
Oct 1 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 2 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 2 2016
|
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by mmoroz@chromium.org
, May 4 2016Components: Blink>WebFonts
Labels: Pri-1