Yasm - heap-buffer-overflow and stack-overflow
Reported by gy741....@gmail.com, Dec 10 2017
Issue description

UserAgent: Mozilla/5.0 (Linux; Android 6.0.1; SAMSUNG SM-J510K/KKU1AQK1 Build/MMB29M) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/6.2 Chrome/56.0.2924.87 Mobile Safari/537.36

Steps to reproduce the problem:
1. PoC Download
2. ./yasm $PoC
3.

What is the expected behavior?

What went wrong?
Hello. I found a yasm bug. Is the yasm bug in the scope of impact? chromium third_party has yasm. Thanks.

Ref:
https://github.com/yasm/yasm/issues/98
https://github.com/yasm/yasm/issues/99

Did this work before? N/A

Chrome version: 56.0.2924.87 Channel: n/a
OS Version:
Flash Version:
Dec 11 2017
Yasm is only used as part of the build process. It only processes things in a yasm_assemble() GN block AFAIK, so it depends on whether you consider our checked in code untrusted or not :)
Dec 11 2017
Thanks for reporting this issue to us and to the upstream maintainers. Because of the limited way in which Chromium is using yasm, we do not need to pick up a fix with any urgency; we'll get the update after the fix is available upstream. Thanks again!
Mar 20 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by elawrence@chromium.org, Dec 11 2017
Summary: Yasm - heap-buffer-overflow and stack-overflow (was: Yasm bug)