
Issue 805119 link


Issue metadata

Status: WontFix
Owner:
Closed: Feb 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Android
Pri: ----
Type: Bug-Security




Security: heap-buffer-overflow in libart-compiler.so for chrome app

Project Member Reported by tkensinger@google.com, Jan 23 2018

Issue description

***Reporting this on behalf of Qualcomm. The original report can be seen at https://buganizer.corp.google.com/issues/64504320***

AddressSanitizer is throwing errors for PID 6367, PID 6399, ...
Please find the attached logs as well. Reported on 7.1.1.

04-03 13:17:32.865  6367  6373 I         : ==6367==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xb0ab3e48 at pc 0xe64595d0 bp 0xbd207018 sp 0xbd206be4
04-03 13:17:35.998  6399  6404 I         : ==6399==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xb0ab4a48 at pc 0xe64595d0 bp 0xbd207018 sp 0xbd206be4
04-03 13:17:38.061  6424  6429 I         : ==6424==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xb0ab5648 at pc 0xe64595d0 bp 0xbd207018 sp 0xbd206be4
04-03 13:17:52.556  6446  6451 I         : ==6446==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xb0ab6248 at pc 0xe64595d0 bp 0xbd207018 sp 0xbd206be4

These are Chrome app PIDs.

04-03 13:17:32.100  1688  2759 I am_proc_start: [0,6367,10119,com.android.chrome,activity,com.android.chrome/com.google.android.apps.chrome.Main]
04-03 13:17:32.128  1688  2623 I am_proc_bound: [0,6367,com.android.chrome]
04-03 13:17:35.441  1688  2760 I am_proc_died: [0,6367,com.android.chrome]

04-03 13:17:35.512  1688  2760 I am_proc_start: [0,6399,10119,com.android.chrome,activity,com.android.chrome/com.google.android.apps.chrome.Main]
04-03 13:17:35.585  1688  2729 I am_proc_bound: [0,6399,com.android.chrome]
04-03 13:17:37.306  1688  2730 I am_proc_died: [0,6399,com.android.chrome]

Procedure to reproduce:
1. Enable ASAN on a 7.1.1 build.
2. Run Monkey tests.
3. The device will crash; analyzing the logcat logs, we are able to see the error mentioned in the subject.


Monkey command used:
adb shell monkey -v -s 100 --ignore-crashes --ignore-timeouts --ignore-security-exceptions --throttle 500 1000000000 

Build:
This issue was reported on version 7.1.1. I may not be able to share the exact build used, as that is internal to Qualcomm.

 
Complete_Logs_19700101000813.zip
1.5 MB Download
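The report above identifies the crashing PIDs as Chrome by matching the `==<pid>==ERROR: AddressSanitizer` lines against the ActivityManager `am_proc_start` events for the same PIDs. The script below does that correlation over a logcat capture. It is an example added to this page, not tooling from Qualcomm, Chromium or the ASan project; the log it parses is constructed from the lines quoted in the report plus one hypothetical `com.example.other` process (PID 7001, a use-after-free) to show that a second package is attributed separately. The function names `correlate` and `summarize` are this example's own.

```python
"""Correlate AddressSanitizer reports in an Android logcat with the process
that produced them (example code added to this page, not Qualcomm's or
Chromium's tooling).

The only inputs are the two kinds of lines quoted in the report above:
  * ASan error lines:       ==<pid>==ERROR: AddressSanitizer: <kind> on address 0x... at pc 0x...
  * ActivityManager events: am_proc_start: [user,pid,uid,package,type,component]
"""
import re
from collections import defaultdict

# Sample log, constructed for this example from the lines quoted in the report,
# plus one hypothetical unrelated process (PID 7001, com.example.other).
SAMPLE_LOGCAT = """\
04-03 13:17:32.100  1688  2759 I am_proc_start: [0,6367,10119,com.android.chrome,activity,com.android.chrome/com.google.android.apps.chrome.Main]
04-03 13:17:32.128  1688  2623 I am_proc_bound: [0,6367,com.android.chrome]
04-03 13:17:32.865  6367  6373 I         : ==6367==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xb0ab3e48 at pc 0xe64595d0 bp 0xbd207018 sp 0xbd206be4
04-03 13:17:35.441  1688  2760 I am_proc_died: [0,6367,com.android.chrome]
04-03 13:17:35.512  1688  2760 I am_proc_start: [0,6399,10119,com.android.chrome,activity,com.android.chrome/com.google.android.apps.chrome.Main]
04-03 13:17:35.998  6399  6404 I         : ==6399==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xb0ab4a48 at pc 0xe64595d0 bp 0xbd207018 sp 0xbd206be4
04-03 13:17:37.306  1688  2730 I am_proc_died: [0,6399,com.android.chrome]
04-03 13:17:40.000  1688  2731 I am_proc_start: [0,7001,10050,com.example.other,service,com.example.other/.Svc]
04-03 13:17:41.000  7001  7002 I         : ==7001==ERROR: AddressSanitizer: use-after-free on address 0xb0ac0000 at pc 0xe6400000 bp 0xbd200000 sp 0xbd200000
"""

ASAN_RE = re.compile(
    r"==(?P<pid>\d+)==ERROR: AddressSanitizer: (?P<kind>[\w-]+) "
    r"on address (?P<addr>0x[0-9a-f]+) at pc (?P<pc>0x[0-9a-f]+)"
)
PROC_START_RE = re.compile(
    r"am_proc_start: \[(?P<user>\d+),(?P<pid>\d+),(?P<uid>\d+),(?P<pkg>[^,]+),"
)


def correlate(logcat):
    """Return a list of (pid, package, kind, addr, pc), one per ASan report.

    PIDs are reused after a process dies, so the package is taken from the most
    recent am_proc_start for that PID seen *before* the ASan line, in a single
    pass, rather than from a global PID map built separately.
    """
    pid_to_pkg = {}
    hits = []
    for line in logcat.splitlines():
        m = PROC_START_RE.search(line)
        if m:
            pid_to_pkg[int(m["pid"])] = m["pkg"]
            continue
        m = ASAN_RE.search(line)
        if m:
            pid = int(m["pid"])
            hits.append((pid, pid_to_pkg.get(pid, "<unknown>"), m["kind"], m["addr"], m["pc"]))
    return hits


def summarize(hits):
    """Group reports by (package, kind, faulting pc).

    The same pc across freshly started processes (0xe64595d0 in every line of
    the report above) points to one deterministic bug rather than several.
    """
    groups = defaultdict(list)
    for pid, pkg, kind, addr, pc in hits:
        groups[(pkg, kind, pc)].append(pid)
    return dict(groups)


if __name__ == "__main__":
    found = correlate(SAMPLE_LOGCAT)
    for pid, pkg, kind, addr, pc in found:
        print(f"pid {pid} ({pkg}): {kind} at {addr}, pc {pc}")
    for (pkg, kind, pc), pids in summarize(found).items():
        print(f"{pkg}: {kind} @ pc {pc} in {len(pids)} process(es): {pids}")
```

The `am_proc_*` lines live in logcat's events buffer, so a capture fed to this script needs both buffers (`adb logcat -b main -b events`) rather than the default main buffer alone. The faulting pc only identifies the bug within one build; a pc value from a different build, or one without ASan's symbolized stack trace, cannot be compared with the 0xe64595d0 seen here.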

Comment 2 by mea...@chromium.org, Jan 24 2018

Labels: OS-Android
Owner: aluo@chromium.org
aluo: Can you please take a look? Thanks.

Comment 3 by mea...@chromium.org, Jan 29 2018

Cc: glider@chromium.org yfried...@chromium.org digit@chromium.org
Adding some more folks (apologies if this isn't your area). Not sure what component this should go into.

Comment 4 by glider@chromium.org, Jan 30 2018

Cc: mbarbe...@chromium.org infe...@chromium.org euge...@chromium.org

Comment 5 by palmer@chromium.org, Jan 30 2018

Cc: awhalley@chromium.org
Components: Internals
Status: Assigned (was: Unconfirmed)
This is a bug in libart, right? It's just Chrome that's triggering it? I'm not sure this is our bug to track.
Status: WontFix (was: Assigned)
Per https://buganizer.corp.google.com/issues/64504320#comment15, WontFixing. This is a libart bug that Chrome is tickling.

Comment 7 by sheriffbot@chromium.org, May 12 2018

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
