Negative-size-param in content::WebRTCEventLogHost::PeerConnectionRemoved
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5085031718715392

Fuzzer: ipc_fuzzer_gen
Job Type: linux_asan_chrome_ipc
Platform Id: linux

Crash Type: Negative-size-param
Crash Address:
Crash State:
  content::WebRTCEventLogHost::PeerConnectionRemoved
  bool IPC::MessageT<PeerConnectionTrackerHost_RemovePeerConnection_Meta, std::__1
  content::PeerConnectionTrackerHost::OnMessageReceived

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_ipc&range=404161:404191

Minimized Testcase (0.09 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96bT2H8jfjjiNZYynPk-dfIaWSIiSfJvBuV80rWjHkrmlrz5_HTevxtTfGtL_sb7b2660FiKU3_lSlHZZ3GfPYxNrJLmzCDAKXhwUxIrBuzvxuUt6xLTaHFeXyd_YMqoaK-YMl9CLsgpbHbGEOh0eiNxNWc2w?testcase_id=5085031718715392

Filer: ochang

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jul 12 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6268653402324992

Fuzzer: ipc_fuzzer_gen
Job Type: windows_asan_chrome_ipc
Platform Id: windows

Crash Type: Negative-size-param
Crash Address:
Crash State:
  content::WebRTCEventLogHost::PeerConnectionRemoved
  IPC::MessageT<struct PeerConnectionTrackerHost_RemovePeerConnection_Meta,class s
  content::PeerConnectionTrackerHost::OnMessageReceived

Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_asan_chrome_ipc&range=404552:404561

Minimized Testcase (0.09 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97q5GhjOW4LKjXE9gNfo28T4bErHxjqyX5Ee0pvmZ76a5mrfd7ZCAHbH_L55WVOohgVJ4xoryiV_Ct4V_9pTaXozOYLRDia63u1_8E6B3hi3xbUjRlB0c1KiQ1HnuAjGDLOv_UVqXzi11y8zBy-xf5nqj0OrQ?testcase_id=6268653402324992

Filer: mmoroz

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jul 12 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5293390111703040

Fuzzer: ipc_fuzzer_gen
Job Type: windows_asan_chrome_ipc
Platform Id: windows

Crash Type: Negative-size-param
Crash Address:
Crash State:
  content::WebRTCEventLogHost::PeerConnectionRemoved
  IPC::MessageT<struct PeerConnectionTrackerHost_RemovePeerConnection_Meta,class s
  content::PeerConnectionTrackerHost::OnMessageReceived

Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_asan_chrome_ipc&range=404506:404552

Minimized Testcase (0.09 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96NF6utYBD2NuKKwX6P8WKrDX-Zsuf8GPurwzIqlH0allfg4nWTbPcLlOCRMLDvzmu9mcGC6deaXHtnJcejzDAyMTpei0p_iWO-ZECIomv8vcHHB2w0YlFVq34cenEO5zprwpTABIXbmSQJSQkLrsrb00L5Og?testcase_id=5293390111703040

Filer: mmoroz

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jul 12 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5107927920934912

Fuzzer: ipc_fuzzer_gen
Job Type: windows_asan_chrome_ipc
Platform Id: windows

Crash Type: Negative-size-param
Crash Address:
Crash State:
  content::WebRTCEventLogHost::PeerConnectionRemoved
  IPC::MessageT<struct PeerConnectionTrackerHost_RemovePeerConnection_Meta,class s
  content::PeerConnectionTrackerHost::OnMessageReceived

Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_asan_chrome_ipc&range=404561:404562

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95lCfiPScHzIcwcu1tj96O6DZVte9HyVBZg2-HUTJMszY4icoUjz8FguvMe-y0BQVB3zf2VqUV3DVFX83YUpquh5CwCbw3rHEQQRDT34YYvjzMmr7EuaEJwsdwSxIXe9flVSKJbA3DJ9jW9oWYjA63oaArBE9ZbuclvTlVnhN34gOF7J8c?testcase_id=5107927920934912

Filer: mmoroz

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jul 12 2016

ivoc@, could you please take a look:

Author: ivoc
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/cf0887d3df989061ca653339e7affa8e49a3cfe6
Time: Thu Jul 07 18:23:53 2016

The CL last changed line 98 of file webrtc_eventlog_host.cc, which is stack frame 4
Jul 12 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5164696651169792

Fuzzer: ipc_fuzzer_gen
Job Type: windows_asan_chrome_ipc
Platform Id: windows

Crash Type: Negative-size-param
Crash Address:
Crash State:
  content::WebRTCEventLogHost::PeerConnectionRemoved
  IPC::MessageT<struct PeerConnectionTrackerHost_RemovePeerConnection_Meta,class s
  content::PeerConnectionTrackerHost::OnMessageReceived

Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_asan_chrome_ipc&range=404473:404506

Minimized Testcase (0.09 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94txacTdeG-S4U4Nf_GUBXitvQQtKbB_wwrqnuweYHXcjtDvrF6oM8gz8GTH0cBg0M505XZsgPr4inZxKjDPD7dxyg2KGKCUDZs0tOh4c2_6BauaLgdop4ugmhLAHdPkReVUiFq3Kv-xFPDeS8F-O6rWH0NwQ?testcase_id=5164696651169792

Filer: mmoroz

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jul 12 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5387163877507072

Fuzzer: ipc_fuzzer_gen
Job Type: windows_asan_chrome_ipc
Platform Id: windows

Crash Type: Negative-size-param
Crash Address:
Crash State:
  content::WebRTCEventLogHost::PeerConnectionRemoved
  IPC::MessageT<struct PeerConnectionTrackerHost_RemovePeerConnection_Meta,class s
  content::PeerConnectionTrackerHost::OnMessageReceived

Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_asan_chrome_ipc&range=404363:404454

Minimized Testcase (3.82 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94_qkpdvyzCI4eQyYXyUD6Yh4V9NWD2ZEIsk6YL3_FFcsNlEVsu-4MeoSXRqUGpTLS2d8rrmyekuVFXasAEmoyLv241EK4bpFr79qVJiJfXlB7w6Y4PMJSCgBiBUCdQnFXAP07WRu5UPBEJpU3IS9FgC0TD3A?testcase_id=5387163877507072

Filer: mmoroz

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jul 12 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5074389192409088

Fuzzer: ipc_fuzzer_gen
Job Type: windows_asan_chrome_ipc
Platform Id: windows

Crash Type: Negative-size-param
Crash Address:
Crash State:
  content::WebRTCEventLogHost::PeerConnectionRemoved
  IPC::MessageT<struct PeerConnectionTrackerHost_RemovePeerConnection_Meta,class s
  content::PeerConnectionTrackerHost::OnMessageReceived

Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_asan_chrome_ipc&range=404223:404238

Minimized Testcase (0.16 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95LqvfeKP1mKp1OaBsEx8XK-Jw7v9dqiMwsYyhPTgmII6qnaGvfZjfb47kAattlHKlKZ3rkYJwONhaScYCLrrSY7_LevXavlAxucihkuA707SP1osmNTerJz072kDjrdEb8UHon9Ztc2EvGzMpwVEQNucdLEg?testcase_id=5074389192409088

Filer: mmoroz

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jul 12 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5262778101399552

Fuzzer: ipc_fuzzer_gen
Job Type: windows_asan_chrome_ipc
Platform Id: windows

Crash Type: Negative-size-param
Crash Address:
Crash State:
  content::WebRTCEventLogHost::PeerConnectionRemoved
  IPC::MessageT<struct PeerConnectionTrackerHost_RemovePeerConnection_Meta,class s
  content::PeerConnectionTrackerHost::OnMessageReceived

Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_asan_chrome_ipc&range=404161:404191

Minimized Testcase (7.12 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97jCZrHNqGAvrIO4x0_XErnxnppf9wqsSiPN8ALnCekjxbWP9vutjBaRsYWYoqhBxm8hiVdGwusyHPVrMGhb0isvoaGnGcvfe9_oZ38D8DKzFBFx42I0V34G3vQEGWgqj_ZaB6m8bGSG9pAJ10f9gz3NinHFQ?testcase_id=5262778101399552

Filer: mmoroz

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jul 12 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5540858074234880

Fuzzer: ipc_fuzzer_gen
Job Type: windows_asan_chrome_ipc
Platform Id: windows

Crash Type: Negative-size-param
Crash Address:
Crash State:
  content::WebRTCEventLogHost::PeerConnectionRemoved
  IPC::MessageT<struct PeerConnectionTrackerHost_RemovePeerConnection_Meta,class s
  content::PeerConnectionTrackerHost::OnMessageReceived

Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_asan_chrome_ipc&range=404191:404223

Minimized Testcase (0.09 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94Fr8glt2tcNSOhOaTowAH7696ypl4LNP0aitZqJKaT8NvZWKH8i2TZhr5tCmf9zOsOqS2nUYV8Q8-_hzNCwXZ_fg05oyarWJc4tNr2C5lRGuCG_HGoJU2Hvj2UMFe_dx_ojrJOpvdmzrMn9vbC3qhFoKe5eQ?testcase_id=5540858074234880

Filer: mmoroz

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jul 12 2016

Jul 12 2016

Jul 12 2016

This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Jul 12 2016

Jul 12 2016

Jul 13 2016
Jul 13 2016

The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/e35e001ed65a2b2d31d9026458cf7a5ee151ba7c

commit e35e001ed65a2b2d31d9026458cf7a5ee151ba7c
Author: ivoc <ivoc@chromium.org>
Date: Wed Jul 13 08:10:39 2016

Fix for crash in the WebRTC event log host IPC handling code.

This bug was found by the IPC fuzzer.

BUG= 627354

Review-Url: https://codereview.chromium.org/2139913003
Cr-Commit-Position: refs/heads/master@{#405076}

[modify] https://crrev.com/e35e001ed65a2b2d31d9026458cf7a5ee151ba7c/content/browser/media/webrtc/webrtc_eventlog_host.cc
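The thread records the crash class (ASan "negative-size-param" reached from PeerConnectionTrackerHost::OnMessageReceived) and the fixing commit, but not the mechanics. The block below is an added, constructed illustration of how that report class arises when a browser-side IPC handler trusts a size-like value from the renderer; it is not Chromium code and not the actual defect in webrtc_eventlog_host.cc (see the linked commit for that). The message layout (a signed 32-bit count followed by ids), the handler names and the sample payloads are all assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical IPC payload used only for this illustration: a little-endian
 * signed 32-bit count followed by `count` 32-bit ids. This is NOT the layout
 * of PeerConnectionTrackerHost_RemovePeerConnection. */
#define MAX_IDS 16

/* The arithmetic behind a negative-size-param report: a signed count from the
 * wire is converted to size_t. count == -1 becomes SIZE_MAX and the multiply
 * wraps to SIZE_MAX - 3, a length whose address range cannot be valid. */
size_t bytes_for_count_unchecked(int32_t count) {
    return (size_t)count * sizeof(int32_t);
}

/* Vulnerable handler (for contrast; never call on untrusted input): trusts the
 * sender's count. With count == -1 the memcpy length is SIZE_MAX - 3. ASan's
 * memcpy interceptor rejects a length that wraps the address range and reports
 * it as negative-size-param; without ASan this is a wild out-of-bounds copy. */
int handle_remove_unchecked(const uint8_t *msg, size_t msg_len,
                            int32_t out_ids[MAX_IDS]) {
    int32_t count;
    (void)msg_len;                       /* length never consulted: the bug */
    memcpy(&count, msg, sizeof count);
    memcpy(out_ids, msg + sizeof count, bytes_for_count_unchecked(count));
    return count;
}

/* Hardened handler: validate before touching memory. Returns the number of ids
 * copied, or -1 for a malformed message. A browser-process handler should
 * treat -1 as a hostile sender rather than silently continue. */
int handle_remove_checked(const uint8_t *msg, size_t msg_len,
                          int32_t out_ids[MAX_IDS]) {
    int32_t count;
    if (msg_len < sizeof count) return -1;            /* header missing */
    memcpy(&count, msg, sizeof count);
    if (count < 0 || count > MAX_IDS) return -1;      /* negative or oversized */
    size_t need = (size_t)count * sizeof(int32_t);    /* bounded, cannot wrap */
    if (msg_len - sizeof count < need) return -1;     /* claims more than sent */
    memcpy(out_ids, msg + sizeof count, need);
    return count;
}

/* Constructed sample messages (little-endian), not captured Chromium traffic. */
static const uint8_t kGoodMsg[]  = {2,0,0,0, 7,0,0,0, 9,0,0,0};    /* count 2: ids 7, 9 */
static const uint8_t kNegMsg[]   = {0xff,0xff,0xff,0xff, 7,0,0,0}; /* count -1 */
static const uint8_t kShortMsg[] = {3,0,0,0, 7,0,0,0};             /* claims 3, carries 1 */

int32_t g_ids[MAX_IDS];

int main(void) {
    printf("memcpy length for count -1: 0x%zx\n", bytes_for_count_unchecked(-1));
    printf("good:  %d\n", handle_remove_checked(kGoodMsg, sizeof kGoodMsg, g_ids));
    printf("neg:   %d\n", handle_remove_checked(kNegMsg, sizeof kNegMsg, g_ids));
    printf("short: %d\n", handle_remove_checked(kShortMsg, sizeof kShortMsg, g_ids));
    /* handle_remove_unchecked(kNegMsg, sizeof kNegMsg, g_ids) is what an ASan
     * build would flag as negative-size-param; it is deliberately not run. */
    return 0;
}
```

The check order matters: the length of the header is verified before reading the count, the count is range-checked before it is converted to size_t, and only then is the remaining payload compared against the derived byte count. Checking `msg_len - sizeof count < need` after the range check keeps that subtraction from underflowing.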
Jul 13 2016
I'm pretty sure this is fixed, but since I cannot build ipc_fuzzer_replay (build errors in Release), it's a little hard to verify.
Jul 14 2016

ClusterFuzz has detected this issue as fixed in range 405052:405102.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5085031718715392

Fuzzer: ipc_fuzzer_gen
Job Type: linux_asan_chrome_ipc
Platform Id: linux

Crash Type: Negative-size-param
Crash Address:
Crash State:
  content::WebRTCEventLogHost::PeerConnectionRemoved
  bool IPC::MessageT<PeerConnectionTrackerHost_RemovePeerConnection_Meta, std::__1
  content::PeerConnectionTrackerHost::OnMessageReceived

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_ipc&range=404161:404191
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_ipc&range=405052:405102

Minimized Testcase (0.09 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96bT2H8jfjjiNZYynPk-dfIaWSIiSfJvBuV80rWjHkrmlrz5_HTevxtTfGtL_sb7b2660FiKU3_lSlHZZ3GfPYxNrJLmzCDAKXhwUxIrBuzvxuUt6xLTaHFeXyd_YMqoaK-YMl9CLsgpbHbGEOh0eiNxNWc2w?testcase_id=5085031718715392

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jul 14 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5251641016320000

Fuzzer: ipc_fuzzer_gen
Job Type: windows_asan_chrome_ipc
Platform Id: windows

Crash Type: Negative-size-param
Crash Address:
Crash State:
  content::WebRTCEventLogHost::PeerConnectionRemoved
  IPC::MessageT<struct PeerConnectionTrackerHost_RemovePeerConnection_Meta,class s
  content::PeerConnectionTrackerHost::OnMessageReceived

Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_asan_chrome_ipc&range=404947:405067

Minimized Testcase (0.09 Kb): https://cluster-fuzz.appspot.com/download/AMIfv946szKNo4mqZvy7dBKgaIVH6St6WEyRpdLGFfcXzgA1zbGaeDrZopygx1IJnDRPhFcrjENZHQP7XE4kNEtcurgsUmnBOT3t-cCVN6rAzJ9gqKTQpKqey8ns9iI1H2iIWVVbk4M5_SoC_64xsbL4nUm2PmRwdQ?testcase_id=5251641016320000

Filer: mmoroz

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jul 14 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5212600971558912

Fuzzer: ipc_fuzzer_gen
Job Type: windows_asan_chrome_ipc
Platform Id: windows

Crash Type: Negative-size-param
Crash Address:
Crash State:
  content::WebRTCEventLogHost::PeerConnectionRemoved
  IPC::MessageT<struct PeerConnectionTrackerHost_RemovePeerConnection_Meta,class s
  content::PeerConnectionTrackerHost::OnMessageReceived

Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_asan_chrome_ipc&range=404947:405067

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94GZYvvPzd7cUbe_D1WdIIbppQOyz9_o6OuN_sNstiDndEkhRK4aSUqwLmzpIPNxZhsaRt0_gDjeAANHxtXMonFufP5swg5-sbZ722w9nQfOU3QUXmTrTVGR_JPf09_9Df-eUhTBKY4VwPGK3MpB-9mAV3JwE4kMrTZnt4OVISWqTAKLjM?testcase_id=5212600971558912

Filer: mmoroz

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jul 14 2016

Please mark security bugs as fixed as soon as the fix lands, and before requesting merges.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Jul 15 2016

Jul 26 2016

Oct 20 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot