Issue metadata
Sign in to add a comment
|
Heap-buffer-overflow in CGifLZWDecoder::ClearTable |
||||||||||||||||||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=5353555742687232 Fuzzer: libfuzzer_pdf_codec_gif_fuzzer Job Type: libfuzzer_chrome_asan Platform Id: linux Crash Type: Heap-buffer-overflow WRITE 1 Crash Address: 0x62a000005232 Crash State: CGifLZWDecoder::ClearTable gif_load_frame CCodec_GifModule::LoadFrame Sanitizer: address (ASAN) Recommended Security Severity: High Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=423381:423433 Minimized Testcase (0.13 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94D528MopJ3oadRTnQeu9PUjza2EUCxQMHO0diOvb0Oo2bK7flGDJ8NbNpq4Iwa4T_ir-oOPsEB7pP6rT8KD0q1vfqJvVfBEXueb9mW_iRRKew5-tHGRZvmIr54bgzGTXDoIe400Yk88NwwZDZhADJR9RKtrS8BzfuM1gCE_e1tmHDav7zl1GqTMG6X-3owQpKEJNbDzCs_Os8fHGvSE3bX0aLNsjZQ2C7aci2O_eEQfD850NrjcEQFk4iO7OTtyU2RYVlmpQsE5qkC0EnkHYdjmIlA9qrlqbEjtFebCwBMfK6fLT3yt0ZZPj9ictHDVry2ODtHrW3r_3-D4grIZawiKb7IWefppsDUp6h1YRTnhhAMq6NQD3tHWVfObuzRx_j_33O57IIqwIUx1dAxntSctfZa_Q?testcase_id=5353555742687232 Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
,
Jan 13 2017
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jan 13 2017
,
Jan 13 2017
dsinclair: Could you take a look when you get a chance?
,
Jan 14 2017
,
Jan 16 2017
,
Feb 28 2017
ClusterFuzz has detected this issue as fixed in range 453265:453313. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5353555742687232 Fuzzer: libfuzzer_pdf_codec_gif_fuzzer Job Type: libfuzzer_chrome_asan Platform Id: linux Crash Type: Heap-buffer-overflow WRITE 1 Crash Address: 0x62a000005232 Crash State: CGifLZWDecoder::ClearTable gif_load_frame CCodec_GifModule::LoadFrame Sanitizer: address (ASAN) Recommended Security Severity: High Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=423381:423433 Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=453265:453313 Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97dchUKEwDuNBBWYgOGl5YrLgOwb1RKkai-YHhVimf2hCPzGCKqYean6RB0f712Sx_mFFtTdLG7SAvaTOzAjV3bCPQSFybUV5HUFnkLMPjKCLc0DC0s1dnT5DezMtSdRcI9wnCKnyr1sa8w4FfTlOmAiQMDMgSMW1B1J1Jod9Xw7k9mRbjRndm1uHE_e8Nel_PaFNM-aOm9qvvhKEMD3gqysaeyuo9bOO540f1-MdH_6tLjkDh-MEd1xDU9ayqJfmaBa0L5B3qesetOw9IwIBZKUKermVPO29Qdf5z2R7DoYCyO7q3I9HOVL8C5wNEzBuvnxe9_n72wkMb2VthNpVQ-ZxVufO-1rznW63GmvaEKcmh2D4Q?testcase_id=5353555742687232 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Feb 28 2017
ClusterFuzz testcase 5353555742687232 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Mar 1 2017
,
Jun 7 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||
Comment 1 by sheriffbot@chromium.org
, Jan 13 2017