Issue metadata
Sign in to add a comment
|
Heap-buffer-overflow in xmlSAX2TextNode |
||||||||||||||||||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=5091504392765440 Fuzzer: libFuzzer_libxml_xml_read_memory_fuzzer Job Type: libfuzzer_chrome_asan_debug Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash Address: 0x603000000eff Crash State: xmlSAX2TextNode xmlSAX2AttributeNs xmlSAX2StartElementNs Sanitizer: address (ASAN) Recommended Security Severity: High Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=480710:480765 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5091504392765440 Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
,
Jul 27 2017
,
Jul 27 2017
This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it. If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jul 27 2017
,
Jul 28 2017
,
Aug 8 2017
This bears a superficial resemblance to Issue 749397 .
,
Aug 9 2017
[Bulk Edit] URGENT - PTAL. Your bug is labelled as M61 Stable ReleaseBlock, pls make sure to land the fix and get it merged into the release branch ASAP. Know that this issue shouldn't block the release? Remove the ReleaseBlock-Stable label. Thank you.
,
Aug 10 2017
Given this passes through here: https://chromium.googlesource.com/chromium/src/+/67d19ec113dae3c7ff99374085eb3240b0d4cfd9/third_party/libxml/src/parser.c#9793 I'm pretty sure this is a dup of Issue 749397 . I have checked locally and the patch up at https://chromium-review.googlesource.com/c/609563 also fixes this.
,
Aug 14 2017
ClusterFuzz has detected this issue as fixed in range 494006:494012. Detailed report: https://clusterfuzz.com/testcase?key=5091504392765440 Fuzzer: libFuzzer_libxml_xml_read_memory_fuzzer Job Type: libfuzzer_chrome_asan_debug Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash Address: 0x603000000eff Crash State: xmlSAX2TextNode xmlSAX2AttributeNs xmlSAX2StartElementNs Sanitizer: address (ASAN) Recommended Security Severity: High Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=480710:480765 Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=494006:494012 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5091504392765440 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Nov 20 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by vakh@chromium.org
, Jul 27 2017Owner: dominicc@chromium.org
Status: Assigned (was: Untriaged)