Heap-buffer-overflow in copy
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4517320030683136
Fuzzer: libfuzzer_string_tokenizer_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux
Crash Type: Heap-buffer-overflow READ {*}
Crash Address: 0x60300000ed57
Crash State:
  copy
  std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<ch
  basic_string
Recommended Security Severity: Medium
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=408631:408652
Minimized Testcase (0.02 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97Wu-fpKdnH7QV4LIj4oigIu29xYd5Euj1fu48ufoAqEILYc5p7XOr9Dg3ezyT_72HvdpelRgTtzpwW262pwP5AC4JYOlRr0vG9kP1i2_F07fb2w6LDRFJTA8uEl1zvMge4_7lp4lKKuvdw3LKmDHTweHHoMw?testcase_id=4517320030683136
Filer: tanin
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Jul 29 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6273734558351360
Fuzzer: libfuzzer_string_tokenizer_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux
Crash Type: Heap-buffer-overflow READ 3
Crash Address: 0x60200000e2d3
Crash State:
  copy
  std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<ch
  basic_string
Recommended Security Severity: Medium
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=408631:408652
Minimized Testcase (0.00 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96w9i4DewufsUXBj3o9SqQGo3BjyIcho-HWb0sLcfV6A7xJUVBCkvlxCSfH9m7OGokU7cUb0YYTo-PsO5mm0-szIUNCuldkvFB_01kbgqrOT_cnHRWT5NQo4GomoSwx4TkMBYu2jbCOLDrYjQNy2kEdd5s-7Q?testcase_id=6273734558351360
Filer: tanin
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Jul 29 2016

Jul 30 2016
Jul 31 2016

ClusterFuzz has detected this issue as fixed in range 408652:408744.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4712704669646848
Fuzzer: libfuzzer_string_tokenizer_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux
Crash Type: Heap-buffer-overflow READ 9
Crash Address: 0x60300000dc49
Crash State:
  copy
  std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<ch
  basic_string
Recommended Security Severity: Medium
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=408631:408652
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=408652:408744
Minimized Testcase (0.01 Kb): https://cluster-fuzz.appspot.com/download/AMIfv950f18UldUC3SGuiDDAsCBz5Faqg31vEidajdoK0wOiqqHYjj-iSH1X_sPifWLrFkpo9Q4svV2Cd_ggEZO-AUFccIX8TIVtygFW8tP6XeDdye_I47nl_82bnVKx7NHh04eXGUXVm9g0dCWvsS5O3AZBBwKCfA?testcase_id=4712704669646848
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jul 31 2016

ClusterFuzz has detected this issue as fixed in range 408652:408744.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6273734558351360
Fuzzer: libfuzzer_string_tokenizer_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux
Crash Type: Heap-buffer-overflow READ 3
Crash Address: 0x60200000e2d3
Crash State:
  copy
  std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<ch
  basic_string
Recommended Security Severity: Medium
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=408631:408652
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=408652:408744
Minimized Testcase (0.00 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96w9i4DewufsUXBj3o9SqQGo3BjyIcho-HWb0sLcfV6A7xJUVBCkvlxCSfH9m7OGokU7cUb0YYTo-PsO5mm0-szIUNCuldkvFB_01kbgqrOT_cnHRWT5NQo4GomoSwx4TkMBYu2jbCOLDrYjQNy2kEdd5s-7Q?testcase_id=6273734558351360
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jul 31 2016

ClusterFuzz has detected this issue as fixed in range 408652:408744.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4517320030683136
Fuzzer: libfuzzer_string_tokenizer_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux
Crash Type: Heap-buffer-overflow READ {*}
Crash Address: 0x60300000ed57
Crash State:
  copy
  std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<ch
  basic_string
Recommended Security Severity: Medium
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=408631:408652
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=408652:408744
Minimized Testcase (0.02 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97Wu-fpKdnH7QV4LIj4oigIu29xYd5Euj1fu48ufoAqEILYc5p7XOr9Dg3ezyT_72HvdpelRgTtzpwW262pwP5AC4JYOlRr0vG9kP1i2_F07fb2w6LDRFJTA8uEl1zvMge4_7lp4lKKuvdw3LKmDHTweHHoMw?testcase_id=4517320030683136
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Nov 5 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.
For more details visit https://www.chromium.org/issue-tracking/autotriage
- Your friendly Sheriffbot
Jul 28
Comment 1 by ClusterFuzz, Jul 29 2016