New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 677863 link

Starred by 1 user
Status: Fixed
Owner:
eroman@chromium.org
Closed: Jan 2017
Cc:
msrchandra@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug



Sign in to add a comment

Integer-overflow in net::ParseVmsFilesize

Project Member Reported by ClusterFuzz, Jan 3 2017

Comment 1 by msrchandra@chromium.org, Jan 4 2017

Cc: msrchandra@chromium.org maksim.sisov@chromium.org
Components: Internals>Network
Labels: Test-Predator-Wrong-CLs
Owner: eroman@chromium.org
Status: Assigned (was: Untriaged)
Find it and CL did not provide any possible suspect.
Using Code Search for the file, "ftp_directory_listing_parser_vms.cc" assigning to the concern owner.

Suspecting Commit#
https://chromium.googlesource.com/chromium/src/+/27f05072359d1862332f695ef9530f5f19da8b76

@eroman -- Could you please look into the issue, kindly re-assign if this is not related to your changes.
Thank You.

Comment 2 by eroman@chromium.org, Jan 4 2017 

Not caused by my change, but I can fix this.

Comment 3 by eroman@chromium.org, Jan 4 2017

Cc: -maksim.sisov@chromium.org

Comment 4 by eroman@chromium.org, Jan 4 2017

Components: -Internals>Network Internals>Network>FTP

Comment 5 by eroman@chromium.org, Jan 4 2017

Status: Started (was: Assigned)
https://codereview.chromium.org/2611933003/
Project Member

Comment 6 by bugdroid1@chromium.org, Jan 4 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/6d16eeca1aeace6b17e8d668f887fcc810a218ef

commit 6d16eeca1aeace6b17e8d668f887fcc810a218ef
Author: eroman <eroman@chromium.org>
Date: Wed Jan 04 21:37:47 2017

Avoid signed integer overflow when calculating filesizes for VMS's ftp listings.

BUG= 677863 

Review-Url: https://codereview.chromium.org/2611933003
Cr-Commit-Position: refs/heads/master@{#441471}

[modify] https://crrev.com/6d16eeca1aeace6b17e8d668f887fcc810a218ef/net/ftp/ftp_directory_listing_parser_vms.cc
[modify] https://crrev.com/6d16eeca1aeace6b17e8d668f887fcc810a218ef/net/ftp/ftp_directory_listing_parser_vms_unittest.cc

Comment 7 by eroman@chromium.org, Jan 4 2017

Status: Fixed (was: Started)
Project Member

Comment 8 by ClusterFuzz, Jan 5 2017 

ClusterFuzz has detected this issue as fixed in range 441406:441478.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6058097937481728

Fuzzer: libfuzzer_net_ftp_directory_listing_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  net::ParseVmsFilesize
  net::ParseFtpDirectoryListingVms
  net::ParseListing
  
Sanitizer: undefined (UBSAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=423338:423416
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=441406:441478

Minimized Testcase (1.70 Kb): https://cluster-fuzz.appspot.com/download/AMIfv9447_QhPQYoYMq47Lx6mJCVze6gYoAd8N9_6fNJLksSRxQtyjGmFsdoz22z_V57I4o1_jbRYY0h99J4tEgGMCDpckUq6iM5wTkhDUsgvv-KF0_z_YuHDbbGNdFOeTgqUhYgc09X5g_SIg89-amNXKPviJ7aTOcFL8dfR7MxWMZ13zE3f0fP__C3kjSxAesWvI026i80R_w0tTjSaB2QLWjFOWgb5VKfXg0byPSVkclrLNfyZqF9mLRPoBWMgWSPLqpW6q6wLUlsAjgFF61J6cTqKXCjSL_U80Vo9RxkKk-Gz0DzzPvZ1YBTKCKqGB1SZ51ofOSf08JdB0eA7CQjUQ72KbL4xtPrqKCCUD8SP3fMSIeOwY8?testcase_id=6058097937481728

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Sign in to add a comment