Integer-overflow in dmg_fp::strtod
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5426205378740224

Fuzzer: libfuzzer_string_to_int_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  dmg_fp::strtod
  base::StringToDouble
  _start

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=397693:397764

Minimized Testcase (0.08 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv96LPYG97RYE_MQuv9puCkw69CTrfecNf3sus0iucnIKOCRtqrf2SLbtWCb_h2diLAbQVsNo4mfY679hBQ9SyUzwid13ipr92KhloejCntSnUySA_eful26dlgGjx3d9z4H7cPO_ryWbkCUSmSvyo7RHw8dlbg?testcase_id=5426205378740224
000013313e214748360101533561018060000060000153353101906040001000040022504e2509

Additional requirements: Requires Gestures

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Oct 26 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/46a480d09ec3eaa4d5634bc9076b981e867b4ab8

commit 46a480d09ec3eaa4d5634bc9076b981e867b4ab8
Author: kcwu <kcwu@chromium.org>
Date: Wed Oct 26 18:22:50 2016

Fix integer-overflow in dmg_fp::strtod

This is a fixup of commit 094232aa

BUG=659220

Review-Url: https://codereview.chromium.org/2451573005
Cr-Commit-Position: refs/heads/master@{#427751}

[modify] https://crrev.com/46a480d09ec3eaa4d5634bc9076b981e867b4ab8/base/third_party/dmg_fp/dtoa.cc
[modify] https://crrev.com/46a480d09ec3eaa4d5634bc9076b981e867b4ab8/base/third_party/dmg_fp/exp_length.patch
Oct 27 2016
ClusterFuzz has detected this issue as fixed in range 427738:427783.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5426205378740224

Fuzzer: libfuzzer_string_to_int_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  dmg_fp::strtod
  base::StringToDouble
  _start

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=397693:397764
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=427738:427783

Minimized Testcase (0.08 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv96LPYG97RYE_MQuv9puCkw69CTrfecNf3sus0iucnIKOCRtqrf2SLbtWCb_h2diLAbQVsNo4mfY679hBQ9SyUzwid13ipr92KhloejCntSnUySA_eful26dlgGjx3d9z4H7cPO_ryWbkCUSmSvyo7RHw8dlbg?testcase_id=5426205378740224
000013313e214748360101533561018060000060000153353101906040001000040022504e2509

Additional requirements: Requires Gestures

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage

- Your friendly Sheriffbot
Comment 1 by mummare...@chromium.org, Oct 26 2016

Labels: M-55 Te-Logged
Owner: kcwu@chromium.org
Status: Assigned (was: Untriaged)