Heap-buffer-overflow in ReadScalar<unsigned
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6269790875811840

Fuzzer: libfuzzer_flatbuffers_verifier_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Heap-buffer-overflow READ 2
Crash Address: 0x61400000fbda
Crash State:
  ReadScalar<unsigned
  GetOptionalFieldOffset
  VerifyField<MyGame::Example::Vec3>

Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=392685:393435

Minimized Testcase (0.40 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94JQYVc1Jhk3lB3w8BVhPpBAje2a1dA5i4Q05FMlqdaDkiEFyTw61TDAmqDEkA9JjGVvR6iHdoeeOtOsiQ1LHzyD7sGgRiqMF7mzxMgF-vkCXvfYN34VciGY9DoosdHWDVf7RAech2HCSQImqALzx_0DoNouQ

Filer: ochang

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
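The crash state above is the verifier's table-to-vtable walk: VerifyField asks GetOptionalFieldOffset for a field's offset, which reads a 2-byte voffset_t (the "READ 2") from the table's vtable; ASan reports that read landing outside the heap allocation holding the fuzzed buffer. The following is an added illustration of the bounds checks such a walk needs before it can trust either the vtable position or the vtable size word. It is example code written for this page, not the FlatBuffers source and not the upstream fix that the roll below picked up; the class VTableVerifier, the function RootFieldOffset and the three sample buffers are constructed for the example and are not the ClusterFuzz testcases. Only the offset types and the vtable layout follow the public FlatBuffers format.

```cpp
#include <cstdint>
#include <cstring>
#include <cstdio>
#include <vector>

// FlatBuffers offset types as defined by the public format.
using uoffset_t = uint32_t;  // forward offsets (root offset at buffer start)
using soffset_t = int32_t;   // signed offset from a table back to its vtable
using voffset_t = uint16_t;  // 2-byte vtable entries (the READ 2 in the report)

// Unchecked little-endian read; every caller below bounds-checks first.
template <typename T>
static T ReadScalar(const uint8_t *buf, size_t pos) {
  T v;
  std::memcpy(&v, buf + pos, sizeof(T));
  return v;
}

// Hypothetical bounds-checked version of the table -> vtable -> field-offset
// walk that GetOptionalFieldOffset performs. Not FlatBuffers code.
class VTableVerifier {
 public:
  VTableVerifier(const uint8_t *buf, size_t size) : buf_(buf), size_(size) {}

  // True if [pos, pos + len) lies inside the buffer; the subtraction form
  // cannot overflow the way pos + len could.
  bool InBounds(size_t pos, size_t len) const {
    return pos <= size_ && len <= size_ - pos;
  }

  // Resolves vtable entry `field` (its byte offset inside the vtable, i.e.
  // 4 + 2 * field_index) for the table starting at `table`.
  // Returns -1 if any read on the way would leave the buffer,
  // 0 if the field is absent, otherwise the field's offset within the table.
  int OptionalFieldOffset(size_t table, voffset_t field) const {
    if (field & 1) return -1;  // entries are 2-byte aligned
    if (!InBounds(table, sizeof(soffset_t))) return -1;
    soffset_t to_vtable = ReadScalar<soffset_t>(buf_, table);

    // vtable = table - to_vtable, evaluated in 64 bits so a hostile soffset
    // cannot wrap the subtraction back into range.
    int64_t vt = static_cast<int64_t>(table) - to_vtable;
    if (vt < 0 || static_cast<uint64_t>(vt) > size_) return -1;
    size_t vtable = static_cast<size_t>(vt);

    // The vtable's own size word must be readable before it is trusted...
    if (!InBounds(vtable, sizeof(voffset_t))) return -1;
    voffset_t vtsize = ReadScalar<voffset_t>(buf_, vtable);
    // ...and the vtable it describes must fit in the buffer, carry both
    // header entries, and be even-sized (an odd vtsize would let
    // `field < vtsize` pass while `field + 1` is already past the end).
    if (vtsize < 2 * sizeof(voffset_t) || (vtsize & 1) ||
        !InBounds(vtable, vtsize)) return -1;

    if (field >= vtsize) return 0;  // no entry for this field: absent
    // vtsize and field are both even, so field + 2 <= vtsize here.
    return ReadScalar<voffset_t>(buf_, vtable + field);
  }

 private:
  const uint8_t *buf_;
  size_t size_;
};

// Resolves `field` for the root table of a whole buffer.
static int RootFieldOffset(const std::vector<uint8_t> &b, voffset_t field) {
  VTableVerifier v(b.data(), b.size());
  if (!v.InBounds(0, sizeof(uoffset_t))) return -1;
  uoffset_t root = ReadScalar<uoffset_t>(b.data(), 0);
  return v.OptionalFieldOffset(root, field);
}

// Constructed sample buffers (not the ClusterFuzz testcases).
// Layout: root offset -> 12 | vtable at 4: {vtsize 6, table size 8, field0 -> 4}
//         | 2 bytes padding | table at 12: {soffset 8 (vtable at 12-8), int32 42}
static const std::vector<uint8_t> kGood = {
    0x0C, 0x00, 0x00, 0x00,              // root table at offset 12
    0x06, 0x00, 0x08, 0x00, 0x04, 0x00,  // vtable: size 6, table size 8, field0 at +4
    0x00, 0x00,                          // padding
    0x08, 0x00, 0x00, 0x00,              // soffset: vtable is 8 bytes before the table
    0x2A, 0x00, 0x00, 0x00};             // field 0 value

// soffset -100 places the vtable at 12 + 100 = 112, past the 20-byte buffer.
static const std::vector<uint8_t> kVTableOutside = {
    0x0C, 0x00, 0x00, 0x00, 0x06, 0x00, 0x08, 0x00, 0x04, 0x00, 0x00, 0x00,
    0x9C, 0xFF, 0xFF, 0xFF, 0x2A, 0x00, 0x00, 0x00};

// vtsize 0x1000 claims a vtable far larger than the buffer that holds it.
static const std::vector<uint8_t> kVTableTooLong = {
    0x0C, 0x00, 0x00, 0x00, 0x00, 0x10, 0x08, 0x00, 0x04, 0x00, 0x00, 0x00,
    0x08, 0x00, 0x00, 0x00, 0x2A, 0x00, 0x00, 0x00};

int main() {
  std::printf("good, field 0:   %d\n", RootFieldOffset(kGood, 4));           // 4
  std::printf("good, field 1:   %d\n", RootFieldOffset(kGood, 6));           // 0 (absent)
  std::printf("vtable outside:  %d\n", RootFieldOffset(kVTableOutside, 4));  // -1
  std::printf("vtable too long: %d\n", RootFieldOffset(kVTableTooLong, 4));  // -1
  return 0;
}
```

An unchecked reader that computes `vtable + field` and reads straight away would, on the two malformed buffers, perform exactly the kind of 2-byte out-of-allocation read ASan flags here. A full verifier additionally checks that the returned field offset plus the field's size stays inside the table, which is the check VerifyField itself is responsible for.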
May 13 2016
Wouter, could you please take a look? I'll make sure that a fix lands in Chrome.
May 13 2016
Filed b/28762769
May 13 2016
May 13 2016
M-53 because Flatbuffers is used in no production code.
May 14 2016
May 14 2016
May 15 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5318307980247040

Fuzzer: libfuzzer_flatbuffers_verifier_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Heap-buffer-overflow READ 2
Crash Address: 0x61600000f5b2
Crash State:
  ReadScalar<unsigned
  GetOptionalFieldOffset
  VerifyField<float>

Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=392685:393435

Minimized Testcase (0.55 Kb): https://cluster-fuzz.appspot.com/download/AMIfv946TbvON1VbIIyQnSH4wSg9Nv0FkS45HU1zlUZpUORjimTawZJJ-pLhnlKdxsqy3yqeOVTWOxhW1PnrD32OZuKuMLdzoJDK5LVkCiYO_ArrlkQZ25uWjWx0AI9hoktom1ypGqme2duVhNoXFjnbz_3VGme9zw

Filer: mmoroz

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
May 17 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5952924512944128

Fuzzer: libfuzzer_flatbuffers_verifier_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Heap-buffer-overflow READ 2
Crash Address: 0x61500000f9d8
Crash State:
  ReadScalar<unsigned
  GetOptionalFieldOffset
  VerifyField<short>

Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=392685:393435

Minimized Testcase (0.46 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95Ty43fcL8loD-2Zp_GgKm0HYyc1ioFCnlAp8dg5QSn-pZlGBearYyi-mm55z3iAet5cURx09Ezsf8o0FlDM-zrJilBUlaGL1Pe86vkMgIVEG-m3Tw00KZk9akb4tCemKHl5DHJl7CSVZsO6w3SrNvdVLdZ1w

Filer: mmoroz

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
May 19 2016
https://codereview.chromium.org/1992133002/ in review to use upstream's HEAD.
May 20 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5984176054730752

Fuzzer: libfuzzer_flatbuffers_verifier_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Heap-buffer-overflow READ 2
Crash Address: 0x61700000f84a
Crash State:
  ReadScalar<unsigned
  GetOptionalFieldOffset
  VerifyField<int>

Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=392685:393435

Minimized Testcase (0.70 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96tF-32zHg5fKwLsa15SPs2EvcsTlXcSX9fHD_xCfzCHdz2VYPPQ54f9TBKxmMHruPApqVyU3hHup20pR4HTw06CvBL_z7k8TmA__n8nNE7isZxFX0SvtQFBBk3sAcubpuO2fECxxIWfTZbutKec-4zcHRkDA

Filer: mmoroz

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
May 23 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4821857375354880

Fuzzer: libfuzzer_flatbuffers_verifier_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Heap-buffer-overflow READ 2
Crash Address: 0x61400000fbda
Crash State:
  ReadScalar<unsigned
  GetOptionalFieldOffset
  VerifyField<signed

Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=393536:393624

Minimized Testcase (0.40 Kb): https://cluster-fuzz.appspot.com/download/AMIfv969FL67brgPZ8ST7LBhBXTIW2vaYSRtZSQPqehDs1pxQmw35DNiqTg70BN_rRUWuyO-WcK8PtuCBpJPPLiaA_EjcGuAWGOuskSeaItHh5CLiocVd1uTOg_lgkOU43t-6LLbE2cqjQtIXYRfOd3qfjOzjWe1lw

Filer: inferno

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
May 24 2016
May 24 2016
Can you please roll forward flatbuffers in chromium?
May 24 2016
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/1be614076087f4f0b015cc97de40227b81962c0a

commit 1be614076087f4f0b015cc97de40227b81962c0a
Author: battre <battre@chromium.org>
Date: Tue May 24 08:09:04 2016

Update flatbuffers to HEAD of upstream

BUG= 611782
Review-Url: https://codereview.chromium.org/1992133002
Cr-Commit-Position: refs/heads/master@{#395543}

[modify] https://crrev.com/1be614076087f4f0b015cc97de40227b81962c0a/DEPS
[modify] https://crrev.com/1be614076087f4f0b015cc97de40227b81962c0a/third_party/flatbuffers/BUILD.gn
[modify] https://crrev.com/1be614076087f4f0b015cc97de40227b81962c0a/third_party/flatbuffers/README.chromium
[modify] https://crrev.com/1be614076087f4f0b015cc97de40227b81962c0a/third_party/flatbuffers/flatbuffers.gyp
May 24 2016
May 24 2016
May 24 2016
May 24 2016
ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4821857375354880

Fuzzer: libfuzzer_flatbuffers_verifier_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Heap-buffer-overflow READ 2
Crash Address: 0x61400000fbda
Crash State:
  ReadScalar<unsigned
  GetOptionalFieldOffset
  VerifyField<signed

Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=393536:393624

Minimized Testcase (0.40 Kb): https://cluster-fuzz.appspot.com/download/AMIfv969FL67brgPZ8ST7LBhBXTIW2vaYSRtZSQPqehDs1pxQmw35DNiqTg70BN_rRUWuyO-WcK8PtuCBpJPPLiaA_EjcGuAWGOuskSeaItHh5CLiocVd1uTOg_lgkOU43t-6LLbE2cqjQtIXYRfOd3qfjOzjWe1lw

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
May 25 2016
ClusterFuzz has detected this issue as fixed in range 395529:395550.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5318307980247040

Fuzzer: libfuzzer_flatbuffers_verifier_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Heap-buffer-overflow READ 2
Crash Address: 0x61600000f5b2
Crash State:
  ReadScalar<unsigned
  GetOptionalFieldOffset
  VerifyField<float>

Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=392685:393435
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=395529:395550

Minimized Testcase (0.55 Kb): https://cluster-fuzz.appspot.com/download/AMIfv946TbvON1VbIIyQnSH4wSg9Nv0FkS45HU1zlUZpUORjimTawZJJ-pLhnlKdxsqy3yqeOVTWOxhW1PnrD32OZuKuMLdzoJDK5LVkCiYO_ArrlkQZ25uWjWx0AI9hoktom1ypGqme2duVhNoXFjnbz_3VGme9zw

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
May 25 2016
ClusterFuzz has detected this issue as fixed in range 395529:395550.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5984176054730752

Fuzzer: libfuzzer_flatbuffers_verifier_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Heap-buffer-overflow READ 2
Crash Address: 0x61700000f84a
Crash State:
  ReadScalar<unsigned
  GetOptionalFieldOffset
  VerifyField<int>

Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=392685:393435
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=395529:395550

Minimized Testcase (0.70 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96tF-32zHg5fKwLsa15SPs2EvcsTlXcSX9fHD_xCfzCHdz2VYPPQ54f9TBKxmMHruPApqVyU3hHup20pR4HTw06CvBL_z7k8TmA__n8nNE7isZxFX0SvtQFBBk3sAcubpuO2fECxxIWfTZbutKec-4zcHRkDA

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jun 8 2016
ClusterFuzz has detected this issue as fixed in range 395529:395550.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5952924512944128

Fuzzer: libfuzzer_flatbuffers_verifier_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Heap-buffer-overflow READ 2
Crash Address: 0x61500000f9d8
Crash State:
  ReadScalar<unsigned
  GetOptionalFieldOffset
  VerifyField<short>

Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=392685:393435
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=395529:395550

Minimized Testcase (0.46 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96Cona2onckQIs2DN6TlZgbBndYA5yOU3ZDWJRhuf6HAiqDacwmi49mDb9yQldh0bGaTTO2SplKwlwo0EHsOAzPV07uyfbGoPyVeVU1Cv2xHNn5m7Xa-kMjzMpVjbiyTVxRjUFR72O26a6VKHPn1c0LGIqyIw

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jun 9 2016
ClusterFuzz has detected this issue as fixed in range 395529:395550.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6269790875811840

Fuzzer: libfuzzer_flatbuffers_verifier_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Heap-buffer-overflow READ 2
Crash Address: 0x61400000fbda
Crash State:
  ReadScalar<unsigned
  GetOptionalFieldOffset
  VerifyField<MyGame::Example::Vec3>

Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=392685:393435
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=395529:395550

Minimized Testcase (0.40 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96925L6U4u6FNmgCYlFGP9u98xfBGf6ArUMa8IRfDGi_I854BfxieXa_aiXweBSAqPUOCdNEZHdwDtI9gTleMimD0CiOS9B1Aw9q-pH0sPGd6kWX32lclZRw9q3Nr-WrzNdZJOpmXYguYrnnjX2YgDBLHnuEA

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Aug 30 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 1 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 2 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 2 2016
Comment 1 by och...@chromium.org, May 13 2016
Owner: battre@chromium.org