New issue
Advanced search Search tips

Issue 715081 link

Starred by 1 user
Status: WontFix
Owner:
palmer@chromium.org
Closed: May 2017
Cc:
mnissler@chromium.org
thestig@chromium.org
jorgelo@chromium.org
och...@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug-Security



Sign in to add a comment

Crash in [vdso]

Project Member Reported by ClusterFuzz, Apr 25 2017 
Detailed report: https://clusterfuzz.com/testcase?key=5036468902035456

Fuzzer: ochang_image_mutator
Job Type: linux_asan_chrome_v8_arm
Platform Id: linux

Crash Type: UNKNOWN
Crash Address: 0x00001a000001
Crash State:
  [vdso]
  g_object_ref
  g_slist_foreach
  
Sanitizer: address (ASAN)

Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_v8_arm&range=455449:455539

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5036468902035456


Additional requirements: Requires Gestures

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Project Member

Comment 1 by sheriffbot@chromium.org, Apr 25 2017

Labels: M-59
Project Member

Comment 2 by sheriffbot@chromium.org, Apr 25 2017

Labels: ReleaseBlock-Beta
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 3 by sheriffbot@chromium.org, Apr 25 2017

Labels: Pri-1

Comment 4 by palmer@chromium.org, Apr 25 2017

Cc: och...@chromium.org jorgelo@chromium.org mnissler@chromium.org
I take it it's more likely that we have a semi-controlled offset from NULL, than that it's really a kernel bug. :) ochang, is there any way we can get a better stack trace? Adding some Linux friends just in case.
Project Member

Comment 5 by sheriffbot@chromium.org, Apr 26 2017

Labels: M-59

Comment 6 by awhalley@google.com, Apr 26 2017

Labels: -ReleaseBlock-Beta ReleaseBlock-Stable
Project Member

Comment 7 by sheriffbot@chromium.org, Apr 27 2017

Labels: -Security_Impact-Head Security_Impact-Beta

Comment 8 by palmer@chromium.org, Apr 28 2017

Components: Internals>Plugins>PDF
Labels: OS-Android OS-Chrome OS-Mac OS-Windows
Owner: tsepez@chromium.org
Status: Assigned (was: Untriaged)
The only place we support TIFF files is in PDFium, right? And even then, only when XFA is enabled, which is not yet the default, right? If so, this would seem not to be a R-B-S.

tsepez, can you please take a look? Thanks.

Comment 9 by thestig@chromium.org, Apr 28 2017

Cc: thestig@chromium.org

Comment 10 by thestig@chromium.org, Apr 28 2017 

Wait, how is this a PDF bug?

Comment 11 by tsepez@chromium.org, Apr 28 2017

Owner: palmer@chromium.org
I'm not the right person to look at this.  Looks like a gtk issue?

Comment 12 by infe...@chromium.org, May 2 2017

Labels: -OS-Android -OS-Windows -OS-Chrome -OS-Mac
Removing other platforms.

Comment 13 by infe...@chromium.org, May 2 2017

Status: WontFix (was: Assigned)
Not reproducible anymore on CF.
Project Member

Comment 14 by sheriffbot@chromium.org, Aug 9 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment