Issue metadata
Global-buffer-overflow in blink::getPropertyName
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4741855965347840

Fuzzer: attekett_dom_fuzzer
Job Type: linux_asan_chrome_v8_arm
Platform Id: linux
Crash Type: Global-buffer-overflow READ 2
Crash Address: 0xf339c07e
Crash State:
  blink::getPropertyName
  blink::V8CSSStyleDeclaration::namedPropertySetterCustom
  blink::CSSStyleDeclarationV8Internal::namedPropertySetterCallback

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_v8_arm&range=415049:415582

Minimized Testcase (23.38 Kb): https://cluster-fuzz.appspot.com/download/AMIfv957eSJPMObnUV5mc-n1J-sxCukq4kNtCVbHtMaAOyVvWQ5q3NONUnZHIa6kWIC0GqfbACW5uI6YXcFtghDW4QhuoHQ0ADKHyGP-43afCn6Sbjci36vBAOjN91Wfmeg_yFfMK0Uawtv0UCm3JakMEQvKok9lXYYoFGDKlcW0SpQY3EEZj6w?testcase_id=4741855965347840

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Sep 6 2016

timloh@ -- Assigning it to you. As aarya@ mentioned, this may be a duplicate of issue 643194 so please feel free to mark it as such if you think it is.
Sep 6 2016

ClusterFuzz has detected this issue as fixed in range 416466:416526.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4741855965347840

Fuzzer: attekett_dom_fuzzer
Job Type: linux_asan_chrome_v8_arm
Platform Id: linux
Crash Type: Global-buffer-overflow READ 2
Crash Address: 0xf339c07e
Crash State:
  blink::getPropertyName
  blink::V8CSSStyleDeclaration::namedPropertySetterCustom
  blink::CSSStyleDeclarationV8Internal::namedPropertySetterCallback

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_v8_arm&range=415049:415582
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_v8_arm&range=416466:416526

Minimized Testcase (23.38 Kb): https://cluster-fuzz.appspot.com/download/AMIfv957eSJPMObnUV5mc-n1J-sxCukq4kNtCVbHtMaAOyVvWQ5q3NONUnZHIa6kWIC0GqfbACW5uI6YXcFtghDW4QhuoHQ0ADKHyGP-43afCn6Sbjci36vBAOjN91Wfmeg_yFfMK0Uawtv0UCm3JakMEQvKok9lXYYoFGDKlcW0SpQY3EEZj6w?testcase_id=4741855965347840

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Dec 13 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by aarya@google.com, Sep 6 2016