Issue 715081

Issue metadata

Status: WontFix
Owner:
Closed: May 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug-Security

Crash in [vdso]

Project Member Reported by ClusterFuzz, Apr 25 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5036468902035456

Fuzzer: ochang_image_mutator
Job Type: linux_asan_chrome_v8_arm
Platform Id: linux

Crash Type: UNKNOWN
Crash Address: 0x00001a000001
Crash State:
  [vdso]
  g_object_ref
  g_slist_foreach
  
Sanitizer: address (ASAN)

Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_v8_arm&range=455449:455539

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5036468902035456


Additional requirements: Requires Gestures

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by sheriffbot@chromium.org (Project Member), Apr 25 2017

Labels: M-59

Comment 2 by sheriffbot@chromium.org (Project Member), Apr 25 2017

Labels: ReleaseBlock-Beta
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 3 by sheriffbot@chromium.org (Project Member), Apr 25 2017

Labels: Pri-1

Comment 4 by palmer@chromium.org, Apr 25 2017

Cc: och...@chromium.org jorgelo@chromium.org mnissler@chromium.org
I take it it's more likely that we have a semi-controlled offset from NULL, than that it's really a kernel bug. :) ochang, is there any way we can get a better stack trace? Adding some Linux friends just in case.

Comment 5 by sheriffbot@chromium.org (Project Member), Apr 26 2017

Labels: M-59

Comment 6 by awhalley@google.com, Apr 26 2017

Labels: -ReleaseBlock-Beta ReleaseBlock-Stable

Comment 7 by sheriffbot@chromium.org (Project Member), Apr 27 2017

Labels: -Security_Impact-Head Security_Impact-Beta

Comment 8 by palmer@chromium.org, Apr 28 2017

Components: Internals>Plugins>PDF
Labels: OS-Android OS-Chrome OS-Mac OS-Windows
Owner: tsepez@chromium.org
Status: Assigned (was: Untriaged)
The only place we support TIFF files is in PDFium, right? And even then, only when XFA is enabled, which is not yet the default, right? If so, this would seem not to be a R-B-S.

tsepez, can you please take a look? Thanks.
Cc: thestig@chromium.org
Wait, how is this a PDF bug?

Owner: palmer@chromium.org
I'm not the right person to look at this. Looks like a gtk issue?

Labels: -OS-Android -OS-Windows -OS-Chrome -OS-Mac
Removing other platforms.

Status: WontFix (was: Assigned)
Not reproducible anymore on CF.

Comment 14 by sheriffbot@chromium.org (Project Member), Aug 9 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot