
Issue 638273
Issue metadata

Status: Fixed
Owner:
Closed: Aug 2016
Cc:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug



Fuzz ui::EdidParser

Project Member Reported by robert.b...@intel.com, Aug 16 2016

Issue description

The EDID is untrusted data and may be badly formed. See this paper for some attacks using EDID: https://media.blackhat.com/bh-eu-12/Davis/bh-eu-12-Davis-HDMI-WP.pdf

We should ensure Chromium's EDID parser (used on X11 & ChromeOS) is robust. 
 
Comment 1 by bugdroid1@chromium.org (Project Member), Aug 18 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/1e7c1a2f73e24fd7cbe6de2dd53bba6ab7b5f05c

commit 1e7c1a2f73e24fd7cbe6de2dd53bba6ab7b5f05c
Author: robert.bradford <robert.bradford@intel.com>
Date: Thu Aug 18 18:42:03 2016

ui: Fix potential out-of-bounds array access in EDID parser

When checking that the size of the array is sufficient for all
accesses, including the value in the third byte, the header byte was not
taken into consideration.

This bug was found with the fuzzer in: https://crrev.com/2252643003

BUG= 638273 
TEST=No ASan issues with fuzzer after change; existing unittest passes.

Review-Url: https://codereview.chromium.org/2249973006
Cr-Commit-Position: refs/heads/master@{#412899}

[modify] https://crrev.com/1e7c1a2f73e24fd7cbe6de2dd53bba6ab7b5f05c/ui/display/util/edid_parser.cc

Status: Fixed (was: Started)
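The commit above describes a size check that forgot to count a block's header byte, so a length field that exactly reaches the end of the buffer passed the check and the read of the last payload byte ran one past the end. The following is an added illustration of that bug class and is not Chromium's ui/display/util/edid_parser.cc: it walks the CEA-861 data blocks of an EDID extension (tag/length header byte followed by `length` payload bytes), with the flawed check and the corrected check selectable by a flag. The mapping of this layout onto the exact code the commit touched is an assumption; the two EDID byte strings are constructed here for the example. Instead of actually reading out of bounds, the walker records that it would have, so the difference can be asserted safely.

```cpp
// Added example (not Chromium code): CEA-861 data-block walker with a
// bounds check that omits the header byte, beside the corrected check.
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <iterator>
#include <vector>

namespace edid_example {

constexpr size_t kBaseBlockSize = 128;
constexpr size_t kExtensionSize = 128;
constexpr size_t kNumExtensionsOffset = 126;  // base block byte 126: extension count
constexpr size_t kDtdOffsetByte = 2;          // CEA byte 2 ("d"): first DTD offset
constexpr size_t kFirstDataBlock = 4;         // data blocks occupy bytes 4..d-1
constexpr uint8_t kCEAExtensionTag = 0x02;

struct WalkResult {
  size_t blocks_visited = 0;
  bool in_bounds = true;  // false if the walker would have read past the end
};

// Walks the data blocks of the first CEA extension. With count_header=false
// the size check is "offset + length <= size", which forgets that the
// header byte itself occupies one slot; with count_header=true it is
// "offset + 1 + length <= size".
WalkResult WalkCEADataBlocks(const std::vector<uint8_t>& edid,
                             bool count_header) {
  WalkResult result;
  const size_t ext = kBaseBlockSize;
  if (edid.size() < ext + kFirstDataBlock ||
      edid[kNumExtensionsOffset] == 0 || edid[ext] != kCEAExtensionTag)
    return result;

  // Clamp "d" so a bogus value cannot point beyond the extension block.
  size_t dtd_start = edid[ext + kDtdOffsetByte];
  if (dtd_start > kExtensionSize) dtd_start = kExtensionSize;

  for (size_t off = ext + kFirstDataBlock; off < ext + dtd_start;) {
    if (off >= edid.size()) break;  // truncated before the header byte
    const size_t payload_length = edid[off] & 0x1f;  // low 5 bits: length
    const size_t needed =
        count_header ? off + 1 + payload_length : off + payload_length;
    if (needed > edid.size()) break;

    // The last payload byte lives at off + payload_length. Record rather
    // than perform an out-of-bounds access so the flaw is observable.
    const size_t last = off + payload_length;
    if (last >= edid.size()) {
      result.in_bounds = false;
      break;
    }
    (void)edid[last];  // stands in for reading the payload
    ++result.blocks_visited;
    off += payload_length + 1;  // header byte plus payload
  }
  return result;
}

// Constructed input: base block with one extension announced, but the
// extension is cut off after a data block header claiming 2 payload bytes
// and only one of them present (total size 134 bytes).
std::vector<uint8_t> MakeTruncatedEdid() {
  std::vector<uint8_t> edid(kBaseBlockSize, 0);
  edid[kNumExtensionsOffset] = 1;
  const uint8_t ext[] = {0x02, 0x03, 0x10, 0x00, 0xE2, 0x00};
  edid.insert(edid.end(), std::begin(ext), std::end(ext));
  return edid;
}

// Constructed input: a full 256-byte EDID whose CEA extension carries two
// data blocks (lengths 2 and 1) before the DTD area starts at byte 9.
std::vector<uint8_t> MakeWellFormedEdid() {
  std::vector<uint8_t> edid(kBaseBlockSize + kExtensionSize, 0);
  edid[kNumExtensionsOffset] = 1;
  const uint8_t ext[] = {0x02, 0x03, 0x09, 0x00, 0xE2, 0x00,
                         0x00, 0x41, 0x10};
  std::copy(std::begin(ext), std::end(ext), edid.begin() + kBaseBlockSize);
  return edid;
}

}  // namespace edid_example

int main() {
  using namespace edid_example;
  const WalkResult flawed = WalkCEADataBlocks(MakeTruncatedEdid(), false);
  const WalkResult fixed = WalkCEADataBlocks(MakeTruncatedEdid(), true);
  std::printf("truncated, header byte ignored: in_bounds=%d\n",
              flawed.in_bounds);
  std::printf("truncated, header byte counted: in_bounds=%d\n",
              fixed.in_bounds);
  std::printf("well-formed: %zu blocks\n",
              WalkCEADataBlocks(MakeWellFormedEdid(), true).blocks_visited);
  return 0;
}
```

Run under ASan with the real read in place of the `(void)edid[last]` stand-in and the flawed variant reports a heap-buffer-overflow of one byte on the truncated input, which is the shape of failure a fuzzer surfaces; the corrected check rejects that block and the well-formed input still yields both data blocks.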

Comment 4 by mmoroz@chromium.org, Aug 29 2016

Cc: mmoroz@chromium.org
Hi Robert! This is great to see your fuzzer running, but there is a problem: it writes too many ERROR messages into stderr. I wonder if it's possible to disable error reporting in the source code of the fuzzer?

Comment 5 by mmoroz@chromium.org, Aug 30 2016

I've uploaded a CL to disable excessive logging: https://codereview.chromium.org/2294733002/
