Large number 2^53 (9007199254740992) causes OOM crash
Reported by faarari...@gmail.com, Jun 3 2016
Issue description

VULNERABILITY DETAILS
Please provide a brief explanation of the security issue.

VERSION
Chrome Version: 52.0.2743.19 dev-m (64-bit)
Operating System: [WIN8]

REPRODUCTION CASE
1. Use a page that has this problem, where the string (number) is greater than 2^53 (9007199254740992).
2. For example https://vulreport.net/vulnerability/publication/9007199254740991 (that page displays the value of its next page, 9007199254740992).
3. Click the problematic link in any browser tab.
4. The browser tab's cached state crashes along with it as a result of having clicked that link.
https://www.youtube.com/watch?v=hhVWp-lQvno

FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION
https://www.youtube.com/watch?v=hhVWp-lQvno
Jun 3 2016
Thank you for the report. This seems to be an out-of-memory crash due to computation with large numbers, which is not a security bug.
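As an added illustration (not code from the bug report or from Chromium), the following JavaScript shows why plain Number arithmetic stops advancing at 2^53, the value in the title, and how a client or server can reject such page ids before computing with them. The URL shape follows the reporter's example; the parsing and pagination functions are hypothetical, not the site's own.

```javascript
// Added example (not from the bug report): why arithmetic on page ids near 2^53
// silently stops advancing, and a guard that rejects such ids before computing
// with them. The URL shape mirrors the reporter's example; the parsing code
// itself is hypothetical, not the site's own.
const MAX_SAFE = Number.MAX_SAFE_INTEGER; // 2^53 - 1 = 9007199254740991

// Naive "next page" computation as a plain JS Number.
// 9007199254740991 + 1 is exactly 9007199254740992, but 9007199254740992 + 1
// rounds back to 9007199254740992, so the value never moves past 2^53.
function nextPageNaive(id) {
  return id + 1;
}

// Hardened: parse the id from the path, refuse anything outside the safe
// integer range, and return null so callers can answer with a 4xx instead of
// computing with a value that cannot be represented exactly.
function parsePageId(path) {
  const m = /\/publication\/(\d+)$/.exec(path);
  if (!m) return null;
  const digits = m[1];
  // Compare as BigInt so the check itself is not subject to rounding.
  if (BigInt(digits) > BigInt(MAX_SAFE)) return null;
  return Number(digits);
}

// Exact alternative: paginate with BigInt when values beyond 2^53 are needed.
function nextPageBig(digits) {
  return (BigInt(digits) + 1n).toString();
}

// Simulate a loop that walks page by page until it passes a limit. With a plain
// Number the walk never gets past 2^53, so an iteration cap is the only thing
// that keeps it from running (and allocating) forever.
function countSteps(start, limit, maxIter) {
  let id = start;
  let steps = 0;
  while (id < limit && steps < maxIter) {
    id = nextPageNaive(id);
    steps++;
  }
  return { id, steps, stuck: id === nextPageNaive(id) };
}

// Usage (constructed inputs):
// parsePageId("/vulnerability/publication/9007199254740991") -> 9007199254740991
// parsePageId("/vulnerability/publication/9007199254740992") -> null
// nextPageBig("9007199254740992") -> "9007199254740993"
// countSteps(2 ** 53 - 1, 2 ** 53 + 10, 100) -> { id: 2 ** 53, steps: 100, stuck: true }
```

The defensive point is that the safe-range check runs on the decimal string via BigInt, so it cannot be fooled by the same rounding it is meant to catch; anything above Number.MAX_SAFE_INTEGER is refused rather than fed into a loop or counter that can no longer advance.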
Jun 3 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6429920091963392
Uploader: felt@google.com
Job Type: linux_asan_chrome_mp
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x00009f7537dd
Crash State:
  blink::reportFatalErrorInMainThread
  v8::Utils::ApiCheck
  v8::internal::V8::FatalProcessOutOfMemory
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=172836:173286
Minimized Testcase (0.10 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96IWFX8FO1dgHTFUzwADsYTuNfQ9JatUSZwVPR_HtbrSk2BfDdopBXCXoM6MZAdpflUvBPmp9bYgGhLBSvUIVfqvStz5yP7qiDcBtq9jVRQwjj1yvg8afnDuTpbwkzV_zcrD5H4r11e0Y6uIaOFdl0schxuYw
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jun 4 2016
ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6429920091963392
Uploader: felt@google.com
Job Type: linux_asan_chrome_mp
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x00009f7537dd
Crash State:
  blink::reportFatalErrorInMainThread
  v8::Utils::ApiCheck
  v8::internal::V8::FatalProcessOutOfMemory
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=172836:173286
Minimized Testcase (0.10 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96IWFX8FO1dgHTFUzwADsYTuNfQ9JatUSZwVPR_HtbrSk2BfDdopBXCXoM6MZAdpflUvBPmp9bYgGhLBSvUIVfqvStz5yP7qiDcBtq9jVRQwjj1yvg8afnDuTpbwkzV_zcrD5H4r11e0Y6uIaOFdl0schxuYw
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 1 by ClusterFuzz, Jun 3 2016