Issue 833165 link

Starred by 2 users

Issue metadata

Status:	WontFix
Owner:	infe...@chromium.org
Closed:	Apr 2018
Cc:	vakh@chromium.org mac-bugs-priority@chromium.org
Components:	Services>Safebrowsing
EstimatedDays:	----
NextAction:	----
OS:	Mac
Pri:	1
Type:	Bug-Security
Reproducible Stability-Memory-AddressSanitizer Security_Impact-Head Stability-Libfuzzer Security_Severity-High ReleaseBlock-Stable allpublic Clusterfuzz M-67

Allocator is out of memory trying to allocate 0x9a9a9a9a000000 bytes in safe_browsing::dmg::HFSForkReadStream::Read

Project Member Reported by ClusterFuzz, Apr 15 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4877677027393536

Fuzzer: libFuzzer_safe_browsing_hfs_fuzzer
Job Type: mac_libfuzzer_chrome_asan
Platform Id: mac

Crash Type: Allocator is out of memory trying to allocate 0x9a9a9a9a000000 bytes
Crash Address: 
Crash State:
  safe_browsing::dmg::HFSForkReadStream::Read
  safe_browsing::dmg::ReadStream::ReadExact
  safe_browsing::dmg::HFSBTreeIterator::Init
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=mac_libfuzzer_chrome_asan&range=550594:550718

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4877677027393536

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

Project Member

Comment 1 by sheriffbot@chromium.org, Apr 16 2018

Labels: M-67

Project Member

Comment 2 by sheriffbot@chromium.org, Apr 16 2018

Labels: ReleaseBlock-Stable

This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it.

If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Project Member

Comment 3 by sheriffbot@chromium.org, Apr 16 2018

Labels: Pri-1

Comment 4 by erikc...@chromium.org, Apr 16 2018

 Issue 833225  has been merged into this issue.

Comment 5 by erikc...@chromium.org, Apr 16 2018

 Issue 833236  has been merged into this issue.

Comment 6 by erikc...@chromium.org, Apr 16 2018

 Issue 833244  has been merged into this issue.

Comment 7 by erikc...@chromium.org, Apr 16 2018

Components: Services>Safebrowsing
Owner: nparker@chromium.org
Status: Assigned (was: Untriaged)

Comment 8 by infe...@chromium.org, Apr 16 2018

Owner: infe...@chromium.org
Status: WontFix (was: Assigned)

This needed a parsing fix on ClusterFuzz side. Closing this. Fix is in, if you see similar testcases, just duplicate to this bug.

Project Member

Comment 9 by sheriffbot@chromium.org, Jul 24

Labels: -Restrict-View-SecurityTeam allpublic

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

►

Issue 833165 link

Issue metadata

Allocator is out of memory trying to allocate 0x9a9a9a9a000000 bytes in safe_browsing::dmg::HFSForkReadStream::Read

Issue description

Comment 1 by sheriffbot@chromium.org, Apr 16 2018

Comment 1 Deleted

Comment 2 by sheriffbot@chromium.org, Apr 16 2018

Comment 2 Deleted

Comment 3 by sheriffbot@chromium.org, Apr 16 2018

Comment 3 Deleted

Comment 4 by erikc...@chromium.org, Apr 16 2018

Comment 4 Deleted

Comment 5 by erikc...@chromium.org, Apr 16 2018

Comment 5 Deleted

Comment 6 by erikc...@chromium.org, Apr 16 2018

Comment 6 Deleted

Comment 7 by erikc...@chromium.org, Apr 16 2018

Comment 7 Deleted

Comment 8 by infe...@chromium.org, Apr 16 2018

Comment 8 Deleted

Comment 9 by sheriffbot@chromium.org, Jul 24

Comment 9 Deleted

Sign in to add a comment