Heap-buffer-overflow in ~MediaContentDescriptionImpl
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5593710702362624

Fuzzer: libfuzzer_sdp_parser_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Heap-buffer-overflow READ 8
Crash Address: 0x608000002090
Crash State:
  ~MediaContentDescriptionImpl
  cricket::VideoContentDescription::~VideoContentDescription
  ParseContentDescription<cricket::VideoContentDescription>

Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=419157:419245

Minimized Testcase (0.17 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv97df0-41daGx7ptl1O0S6QSnl_P4fY8cXMV8fZU2LOKv5CRjvAs1bbW1yxlTg2K8Oc-eWZLAda9vls0gS4-8y4q9kgZWvtmXcu7RIIY_QUmx2aS6M0xsciopom2kbj3YoQG0r_1UIHclMwjlzKu9SNCtboW3w?testcase_id=5593710702362624

v=0
o=moa...THIS_IS_SDPARTA-46.0.1 5115930144083302970 0 IN IPfingerprint4 0.0.0.0
s=-
t=0 0
m=videocation 9 DTLS/SCTP v
a=sctp-portrtcpfb:126 nack
a=rtcp-fb:126 nack pli

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Comment 1 by sheriffbot@chromium.org, Sep 19 2016

This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Sep 19 2016

Sep 19 2016

Sep 20 2016

Sep 28 2016

Same root cause as another issue: parsing "sctp-port" in a non-data description.
Oct 5 2016

ClusterFuzz has detected this issue as fixed in range 422769:422805.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5593710702362624

Fuzzer: libfuzzer_sdp_parser_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Heap-buffer-overflow READ 8
Crash Address: 0x608000002090
Crash State:
  ~MediaContentDescriptionImpl
  cricket::VideoContentDescription::~VideoContentDescription
  ParseContentDescription<cricket::VideoContentDescription>

Recommended Security Severity: Medium

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=419157:419245
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=422769:422805

Minimized Testcase (0.17 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv97df0-41daGx7ptl1O0S6QSnl_P4fY8cXMV8fZU2LOKv5CRjvAs1bbW1yxlTg2K8Oc-eWZLAda9vls0gS4-8y4q9kgZWvtmXcu7RIIY_QUmx2aS6M0xsciopom2kbj3YoQG0r_1UIHclMwjlzKu9SNCtboW3w?testcase_id=5593710702362624

v=0
o=moa...THIS_IS_SDPARTA-46.0.1 5115930144083302970 0 IN IPfingerprint4 0.0.0.0
s=-
t=0 0
m=videocation 9 DTLS/SCTP v
a=sctp-portrtcpfb:126 nack
a=rtcp-fb:126 nack pli

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jan 12 2017

This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot