Issue metadata
Sign in to add a comment
|
Heap-use-after-free in v8::internal::__RT_impl_Runtime_GenerateRandomNumbers |
||||||||||||||||||||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=5340913852743680 Fuzzer: decoder_langfuzz Job Type: linux_asan_d8_ignition_dbg Platform Id: linux Crash Type: Heap-use-after-free READ 8 Crash Address: 0x61500000cd80 Crash State: v8::internal::__RT_impl_Runtime_GenerateRandomNumbers v8::internal::Runtime_GenerateRandomNumbers v8::internal::Invoke Recommended Security Severity: High Regressed: V8: r36139:36140 Minimized Testcase (8.34 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95Dw-KAhTg0bJAOh_WeLp8qdF6wERw2b_01d7afmDfFxem0GhSDaHt2O5jqiS2sB6vPLkfZvIuRIJ2otVj7AvvEc2CGzg8CHXwpKqt051VU2tu9VLV5lTICCMFWeTFYiG86CyTQeIQ4hsvyQKx1l43pGwaOLg Filer: mstarzinger See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
May 11 2016
,
May 11 2016
ClusterFuzz has detected this issue as fixed in range 36142:36143. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5340913852743680 Fuzzer: decoder_langfuzz Job Type: linux_asan_d8_ignition_dbg Platform Id: linux Crash Type: Heap-use-after-free READ 8 Crash Address: 0x61500000cd80 Crash State: v8::internal::__RT_impl_Runtime_GenerateRandomNumbers v8::internal::Runtime_GenerateRandomNumbers v8::internal::Invoke Recommended Security Severity: High Regressed: V8: r36139:36140 Fixed: V8: r36142:36143 Minimized Testcase (8.34 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95Dw-KAhTg0bJAOh_WeLp8qdF6wERw2b_01d7afmDfFxem0GhSDaHt2O5jqiS2sB6vPLkfZvIuRIJ2otVj7AvvEc2CGzg8CHXwpKqt051VU2tu9VLV5lTICCMFWeTFYiG86CyTQeIQ4hsvyQKx1l43pGwaOLg See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
May 11 2016
Is the feature being tested by this build enabled by default? I'm trying to figure out which milestones, if any, would be affected.
,
May 12 2016
I'm assuming ignition isn't enabled anywhere yet, so setting Security_Impact-None. Please correct me if I'm wrong about this.
,
May 12 2016
The CL has been reverted on the same day. The only reason this was open is to have another test to check against.
,
May 13 2016
,
Aug 19 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 1 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 2 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 2 2016
|
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by mstarzinger@chromium.org
, May 11 2016Status: Assigned (was: Available)