Issue metadata
Sign in to add a comment
|
Heap-buffer-overflow in xmlParseNameComplex |
||||||||||||||||||||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=5023106596077568 Fuzzer: afl_libxml_xml_read_memory_fuzzer Job Type: afl_chrome_asan Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash Address: 0x60400000011f Crash State: xmlParseNameComplex xmlParseName xmlParseElementDecl Sanitizer: address (ASAN) Recommended Security Severity: Medium Regressed: https://cluster-fuzz.appspot.com/revisions?job=afl_chrome_asan&range=419709:419768 Minimized Testcase (0.11 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv94gWJiFbEHWwiYAnQkoRZ4_wi7j5dXFAooX99l1jCUJ93CYmCIBWgigB8enGH2gkYrnAcRCGltylS788OEqDK340Gx33Al7CJIOn9nyMMd4s2hIA_ELsaUzgauUy1FovFAL-Q8_-OPvNrTkepyx_Ehc48RFZwSIRyh_rf3VdAz8txX6Z3y1pDKuGVXdGtsOwjZ58QwhfYN9uYn80ahjG85-korhj8CWolZXpZffpimIe5H-b8snvTB4pfIKV9eJl7KOs29FywTXzWZillOFSHvfx3xEpVld8IaWpQIb7nAy8JwqvtJ820zC1O9BCjwxq-WPPAlSIosb5THzpgK8xSiYg2UTBdnQTVyWIHdeKXni_3dXisDgf7tCjWNDJfwIwZaMzBwcKZ3CNeFYFgzEL1gHV4dsRw?testcase_id=5023106596077568 <!DOCTYPE test [ <!ENTITY % xx ' <!ELEMENT dÚčtoY%zz;'> <!ENTITY % zz ' #60;!ENTIT_<?xDOaDdress?>' > %xx; Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
,
Jan 12 2017
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jan 12 2017
,
Jan 13 2017
dominicc: Could you take a look at this when you get a chance?
,
Jan 18 2017
ClusterFuzz has detected this issue as fixed in range 443963:443986. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5023106596077568 Fuzzer: afl_libxml_xml_read_memory_fuzzer Job Type: afl_chrome_asan Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash Address: 0x60400000011f Crash State: xmlParseNameComplex xmlParseName xmlParseElementDecl Sanitizer: address (ASAN) Recommended Security Severity: Medium Regressed: https://cluster-fuzz.appspot.com/revisions?job=afl_chrome_asan&range=419709:419768 Fixed: https://cluster-fuzz.appspot.com/revisions?job=afl_chrome_asan&range=443963:443986 Minimized Testcase (0.11 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv94gWJiFbEHWwiYAnQkoRZ4_wi7j5dXFAooX99l1jCUJ93CYmCIBWgigB8enGH2gkYrnAcRCGltylS788OEqDK340Gx33Al7CJIOn9nyMMd4s2hIA_ELsaUzgauUy1FovFAL-Q8_-OPvNrTkepyx_Ehc48RFZwSIRyh_rf3VdAz8txX6Z3y1pDKuGVXdGtsOwjZ58QwhfYN9uYn80ahjG85-korhj8CWolZXpZffpimIe5H-b8snvTB4pfIKV9eJl7KOs29FywTXzWZillOFSHvfx3xEpVld8IaWpQIb7nAy8JwqvtJ820zC1O9BCjwxq-WPPAlSIosb5THzpgK8xSiYg2UTBdnQTVyWIHdeKXni_3dXisDgf7tCjWNDJfwIwZaMzBwcKZ3CNeFYFgzEL1gHV4dsRw?testcase_id=5023106596077568 <!DOCTYPE test [ <!ENTITY % xx ' <!ELEMENT dÚčtoY%zz;'> <!ENTITY % zz ' #60;!ENTIT_<?xDOaDdress?>' > %xx; See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Jan 18 2017
ClusterFuzz testcase 5023106596077568 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Jan 18 2017
,
Jan 27 2017
,
Feb 3 2017
Issue 683629 has been merged into this issue.
,
Feb 9 2017
,
Apr 26 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by sheriffbot@chromium.org
, Jan 12 2017