Issue metadata
Sign in to add a comment
|
Heap-buffer-overflow in cricket::MediaContentDescriptionImpl<cricket::AudioCodec>::~MediaContentDescript |
||||||||||||||||||||||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=5857065144942592 Fuzzer: libfuzzer_sdp_parser_fuzzer Job Type: libfuzzer_chrome_asan_debug Platform Id: linux Crash Type: Heap-buffer-overflow READ 8 Crash Address: 0x608000002110 Crash State: cricket::MediaContentDescriptionImpl<cricket::AudioCodec>::~MediaContentDescript cricket::AudioContentDescription::~AudioContentDescription cricket::AudioContentDescription::~AudioContentDescription Recommended Security Severity: Medium Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=419151:419211 Minimized Testcase (0.14 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv97kKi1NvC5_7j5a3c9KVaS8IP-Husehb67PqgkX0-ONTvZy6vEB9P5SCXWPb4lpwUj6FzSfB-qhZ7byNAUr75fY5Ioff7uF1gVufZIDg370Q00w_hg_QiWHZm0EV-xL55QZE4gGSEDSv8US05x8xzHCSXhO6Q?testcase_id=5857065144942592 v=0 o=- 4320 1840 IN IP4 12�.1 s=- t=1 0 0 a=a a=icemantic* WMS m=audiocationo-n 9 DTLS/SCTP 5 0 a=a a=0.- t=1 0 0 a=a a=sctp-porto=- 4320 1840 o= Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
,
Sep 20 2016
,
Sep 20 2016
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Sep 20 2016
,
Sep 28 2016
,
Sep 28 2016
Same root cause as another issue: parsing "sctp-port" in a non-data description.
,
Oct 5 2016
ClusterFuzz has detected this issue as fixed in range 422768:422805. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5857065144942592 Fuzzer: libfuzzer_sdp_parser_fuzzer Job Type: libfuzzer_chrome_asan_debug Platform Id: linux Crash Type: Heap-buffer-overflow READ 8 Crash Address: 0x608000002110 Crash State: cricket::MediaContentDescriptionImpl<cricket::AudioCodec>::~MediaContentDescript cricket::AudioContentDescription::~AudioContentDescription cricket::AudioContentDescription::~AudioContentDescription Recommended Security Severity: Medium Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=419151:419211 Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=422768:422805 Minimized Testcase (0.14 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv97kKi1NvC5_7j5a3c9KVaS8IP-Husehb67PqgkX0-ONTvZy6vEB9P5SCXWPb4lpwUj6FzSfB-qhZ7byNAUr75fY5Ioff7uF1gVufZIDg370Q00w_hg_QiWHZm0EV-xL55QZE4gGSEDSv8US05x8xzHCSXhO6Q?testcase_id=5857065144942592 v=0 o=- 4320 1840 IN IP4 12�.1 s=- t=1 0 0 a=a a=icemantic* WMS m=audiocationo-n 9 DTLS/SCTP 5 0 a=a a=0.- t=1 0 0 a=a a=sctp-porto=- 4320 1840 o= See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Jan 12 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||
Comment 1 by penny...@chromium.org
, Sep 19 2016Components: Blink>WebRTC
Labels: Pri-2
Owner: deadbeef@chromium.org
Status: Assigned (was: Untriaged)