Issue metadata
Sign in to add a comment
|
Global-buffer-overflow in blink::getPropertyName |
||||||||||||||||||||||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=5427857000235008 Fuzzer: attekett_dom_fuzzer Job Type: linux_asan_chrome_media Platform Id: linux Crash Type: Global-buffer-overflow READ 2 Crash Address: 0x7f987a262b3e Crash State: blink::getPropertyName blink::V8CSSStyleDeclaration::namedPropertySetterCustom v8::internal::PropertyCallbackArguments::Call Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_media&range=415049:415582 Minimized Testcase (0.21 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97-VVsfnUbjCC5vCq6jYatpHxAk5B8xCSytLxJZhxz8_7CPqmf3SDnLtCYtEZMa0TqQvOjQPsKHkks3hwvXpWk6z3hJ-fZPtz0hGWYuML6cbwQ2aZzI1FKIlPYGM8qqbyvVnZ0TktSkvHCLTwro1SUVZlkiZg?testcase_id=5427857000235008 Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Sep 1 2016
,
Sep 1 2016
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Sep 1 2016
,
Sep 2 2016
,
Sep 2 2016
Hi Vivek, any updates on this? We're trying to move M54 to beta soon and it would be great to get this fixed.
,
Sep 5 2016
This is top crasher on linux (150000 times a day), please take a look.
,
Sep 5 2016
This needs bisecting. I don't think https://chromium.googlesource.com/chromium/src/+/4a353555d3bad654522a68a9bd410c908127ccac is related. Note that the CL was committed 1.4 years ago.
,
Sep 5 2016
my bad i was looking at git blame. ClusterFuzz regression range is https://chromium.googlesource.com/chromium/src/+log/7a572e07f74c26470f9651cb39161fbcab67d0ec..14eb4b3941cec3332a633b60b227073656361fe3?pretty=fuller
,
Sep 5 2016
I'm looking at the regression range but it's hard to tell the culprit :/
,
Sep 5 2016
,
Sep 5 2016
,
Sep 6 2016
ClusterFuzz has detected this issue as fixed in range 416466:416526. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5427857000235008 Fuzzer: attekett_dom_fuzzer Job Type: linux_asan_chrome_media Platform Id: linux Crash Type: Global-buffer-overflow READ 2 Crash Address: 0x7f987a262b3e Crash State: blink::getPropertyName blink::V8CSSStyleDeclaration::namedPropertySetterCustom v8::internal::PropertyCallbackArguments::Call Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_media&range=415049:415582 Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_media&range=416466:416526 Minimized Testcase (0.21 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97-VVsfnUbjCC5vCq6jYatpHxAk5B8xCSytLxJZhxz8_7CPqmf3SDnLtCYtEZMa0TqQvOjQPsKHkks3hwvXpWk6z3hJ-fZPtz0hGWYuML6cbwQ2aZzI1FKIlPYGM8qqbyvVnZ0TktSkvHCLTwro1SUVZlkiZg?testcase_id=5427857000235008 See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Dec 12 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||
Comment 1 by infe...@chromium.org
, Sep 1 2016Owner: vivekg@chromium.org
Status: Assigned (was: Untriaged)