Issue metadata
Bad-cast to net::(anonymous namespace)::DnsAttempt from invalid vptr in net::DnsTransactionImpl::DoCallback
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6123939071000576
Fuzzer: libFuzzer_net_host_resolver_impl_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Bad-cast
Crash Address: 0x34c8fbb7a080
Crash State:
  Bad-cast to net::(anonymous namespace)::DnsAttempt from invalid vptr
  net::DnsTransactionImpl::DoCallback
  base::OnceCallback<void
Sanitizer: undefined (UBSAN)
Recommended Security Severity: High
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=518423:518471
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6123939071000576

Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Nov 22 2017
Hi lassey@, could you take a look at whether it is related to your latest change https://chromium-review.googlesource.com/c/chromium/src/+/562037? Thanks!
Nov 23 2017
Nov 23 2017
This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it. If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Nov 25 2017
+awhalley@
Nov 27 2017
Dec 4 2017
As with Issue 788131, this looks like memory corruption in a privileged process, hence Critical. And presumably it affects all our net/-using platforms? This might even be a duplicate of Issue 788131? If so, feel free to dupe this one into that one.
Dec 4 2017
Argh. I'm not sure yet, but this is more likely to be another case of issue 779589 than anything related to Brad's change. I'll go ahead and assign them both to myself.
Dec 4 2017
Dec 5 2017
ClusterFuzz has detected this issue as fixed in range 521610:521620.

Detailed report: https://clusterfuzz.com/testcase?key=6123939071000576
Fuzzer: libFuzzer_net_host_resolver_impl_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Bad-cast
Crash Address: 0x34c8fbb7a080
Crash State:
  Bad-cast to net::(anonymous namespace)::DnsAttempt from invalid vptr
  net::DnsTransactionImpl::DoCallback
  base::OnceCallback<void
Sanitizer: undefined (UBSAN)
Recommended Security Severity: High
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=518423:518471
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=521610:521620
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6123939071000576

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Mar 13 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by ClusterFuzz, Nov 22 2017. Labels: Test-Predator-Auto-Components