
Issue 668017

Issue metadata

Status: Verified
Owner:
ex-Googler
Closed: Mar 2017
Cc:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug




Integer-overflow in computeYMD

Project Member Reported by ClusterFuzz, Nov 23 2016

Issue description

Comment 1 by ajha@chromium.org, Nov 23 2016

Labels: M-55
Cc: brajkumar@chromium.org
Labels: Test-Predator-Wrong
Owner: mmoroz@chromium.org
Status: Assigned (was: Untriaged)
Find it and CL did not provide any possible suspect.
Using code search for file "sqlite3_prepare_v2_fuzzer.cc" from frame #5 suspecting the below change
Review URL: https://codereview.chromium.org/2497603002

mmoroz@ - Observed some changes on this file so assigning to you. Could you please check if this is caused by your change? If not, please help us reassign the issue to the right owner.

Thanks!

Comment 3 by mmoroz@chromium.org, Jan 18 2017

Owner: sh...@chromium.org
shess@, mind taking a look?

Comment 4 by sh...@chromium.org, Jan 18 2017

Huh, I remember analyzing one of these in computeYMD, but I can't find the results anywhere.

This calls datE(00000000000000000000000000000002148480359), which is going to have some insane results (it's like 5M years).  dateFunc() returns results as a string via snprintf(), so I don't think these can leak out in untoward fashion.  SQLite trunk has various numeric limits in place to protect against egregious year counts, presumably because of clusterfuzz results, so it will clear up when I import a new release (we're about due).
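
An added example, not part of the comment above and not SQLite's or Chromium's code: one way to bound a Julian day number before converting it to a calendar date, so that a value like the 2148480359 in this test case is rejected before it reaches the date arithmetic. The function name, the struct and the year-9999 upper bound are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed bound for this example: Julian day number of 9999-12-31. */
#define JDN_MAX INT64_C(5373484)

struct ymd { int y, m, d; };

/* Convert a Julian day number to a proleptic Gregorian date.
 * Returns 0 on success, -1 if jdn is outside [0, JDN_MAX].
 * The range check runs before any arithmetic or narrowing, so no
 * intermediate value can overflow whatever the caller passes in. */
int jdn_to_ymd(int64_t jdn, struct ymd *out)
{
    if (jdn < 0 || jdn > JDN_MAX)
        return -1;

    /* Richards' integer algorithm; after the check every value is small. */
    int64_t f = jdn + 1401 + (((4 * jdn + 274277) / 146097) * 3) / 4 - 38;
    int64_t e = 4 * f + 3;
    int64_t h = 5 * ((e % 1461) / 4) + 2;

    out->d = (int)((h % 153) / 5 + 1);
    out->m = (int)((h / 153 + 2) % 12 + 1);
    out->y = (int)(e / 1461 - 4716 + (14 - out->m) / 12);
    return 0;
}

int main(void)
{
    /* 2148480359 is the value from the test case; the others are constructed. */
    int64_t samples[] = { 2451545, JDN_MAX, INT64_C(2148480359), -1 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct ymd r;
        if (jdn_to_ymd(samples[i], &r) == 0)
            printf("%lld -> %04d-%02d-%02d\n",
                   (long long)samples[i], r.y, r.m, r.d);
        else
            printf("%lld -> rejected (out of range)\n", (long long)samples[i]);
    }
    return 0;
}
```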

Comment 5 by ClusterFuzz, Mar 21 2017


Comment 6 by ClusterFuzz, Mar 21 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 5217030656753664 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
