Issue metadata
Sign in to add a comment
|
Use-of-uninitialized-value in base::Pickle::WriteBytes |
||||||||||||||||||||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=5272280965054464 Fuzzer: svg_xml_tokenfuzz Job Type: linux_msan_chrome Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: base::Pickle::WriteBytes IPC::ParamTraits<PrintMsg_Print_Params>::Write printing::PrintingMessageFilter::OnGetDefaultPrintSettingsReply Recommended Security Severity: Low Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_msan_chrome&range=427353:427578 Minimized Testcase (0.18 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96OeSq62o_8Ajx4SD8PZwOJiZ5giFbJ_P7X23upO7TL2tbHFgM992H74Jp-2Gp0ezU3vegB-vtpXMuSeW_EyudrILl73Voph5H8KYW28dcq0KpqbMYJe4wmCIwILRDH5dSC4vATtCBnbv7D241f2VAKxaImyw?testcase_id=5272280965054464 Additional requirements: Requires Gestures Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Oct 27 2016
,
Oct 28 2016
tzik@ I wonder if you can take a look at this. I'm not sure. It might come from this CL (https://chromium.googlesource.com/chromium/src/+/27d1e313968955f1a120b65b31e316263365b1b3). But I'm not sure. Thanks
,
Oct 28 2016
It's more likely r427556 format to initialize a member variable in PrintMsg_Print_Params. I'll double check and confirm in a bit.
,
Oct 28 2016
The uninitialized variable is |scale_factor_| in printing/print_settings.h.
,
Oct 29 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/614913eb9d85a921dc84ee66d72e128af2c23f3a commit 614913eb9d85a921dc84ee66d72e128af2c23f3a Author: rbpotter <rbpotter@chromium.org> Date: Fri Oct 28 23:59:48 2016 Fix uninitialized memory bug from scaling addition |scale_factor_| was not initialized in PrintSettings::Clear() function like the other elements of PrintSettings. Fixed by initializing the value to default (1.0). Uninitialized value was introduced in commit https://chromium.googlesource.com/chromium/src/+/769ffdf779d83399a6f219e2637c6469ab94da0e BUG= 659594 Review-Url: https://codereview.chromium.org/2461083002 Cr-Commit-Position: refs/heads/master@{#428550} [modify] https://crrev.com/614913eb9d85a921dc84ee66d72e128af2c23f3a/printing/print_settings.cc
,
Oct 29 2016
ClusterFuzz has detected this issue as fixed in range 428482:428589. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5272280965054464 Fuzzer: svg_xml_tokenfuzz Job Type: linux_msan_chrome Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: base::Pickle::WriteBytes IPC::ParamTraits<PrintMsg_Print_Params>::Write printing::PrintingMessageFilter::OnGetDefaultPrintSettingsReply Recommended Security Severity: Low Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_msan_chrome&range=427353:427578 Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_msan_chrome&range=428482:428589 Minimized Testcase (0.18 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96OeSq62o_8Ajx4SD8PZwOJiZ5giFbJ_P7X23upO7TL2tbHFgM992H74Jp-2Gp0ezU3vegB-vtpXMuSeW_EyudrILl73Voph5H8KYW28dcq0KpqbMYJe4wmCIwILRDH5dSC4vATtCBnbv7D241f2VAKxaImyw?testcase_id=5272280965054464 Additional requirements: Requires Gestures See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Oct 29 2016
ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Oct 29 2016
,
Feb 4 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by sheriffbot@chromium.org
, Oct 26 2016