Issue metadata
Sign in to add a comment
|
Heap-buffer-overflow in mov_read_saio |
||||||||||||||||||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=5037922353676288 Fuzzer: inferno_flicker Job Type: windows_asan_chrome_no_sandbox Platform Id: windows Crash Type: Heap-buffer-overflow WRITE 8 Crash Address: 0x1198cf1d4b60 Crash State: mov_read_saio mov_read_default mov_read_default Sanitizer: address (ASAN) Recommended Security Severity: High Regressed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_no_sandbox&range=560370:560384 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5037922353676288 Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
,
May 27 2018
Automatically adding ccs based on suspected regression changelists: avformat/mov: Fix parsing of saio/siaz atoms in encrypted content. by modmaker@google.com - https://chromium.googlesource.com/chromium/third_party/ffmpeg/+/e5ba5fab493bd2edb24da47940626b024ebd0371 avformat/mov: Increase support for common encryption. by modmaker@google.com - https://chromium.googlesource.com/chromium/third_party/ffmpeg/+/f7221d8e670ec05471a16cc4cc1cc8e0040b5b5f If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label.
,
May 27 2018
,
May 27 2018
This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it. If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
May 27 2018
,
May 30 2018
,
May 30 2018
modmaker: Can you please take a look?
,
Jun 2 2018
,
Jun 4 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/third_party/ffmpeg/+/5e5a8e81925df95a88356b410c1374b33b920455 commit 5e5a8e81925df95a88356b410c1374b33b920455 Author: Jacob Trimble <modmaker@google.com> Date: Mon Jun 04 21:20:16 2018 Fix heap buffer overflow. Bug: 847060 Bug: 849062 Change-Id: Ibf18b3c0fd375ddd09addb019888bdd6ec576355 Reviewed-on: https://chromium-review.googlesource.com/1081148 Reviewed-by: Frank Liberato <liberato@chromium.org> [modify] https://crrev.com/5e5a8e81925df95a88356b410c1374b33b920455/libavformat/mov.c [modify] https://crrev.com/5e5a8e81925df95a88356b410c1374b33b920455/chromium/patches/README
,
Jun 5 2018
,
Jun 6 2018
,
Jun 8 2018
,
Jun 8 2018
This bug requires manual review: M68 has already been promoted to the beta branch, so this requires manual review Please contact the milestone owner if you have questions. Owners: cmasso@(Android), kariahda@(iOS), bhthompson@(ChromeOS), abdulsyed@(Desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jun 8 2018
ClusterFuzz has detected this issue as fixed in range 565373:565374. Detailed report: https://clusterfuzz.com/testcase?key=5037922353676288 Fuzzer: inferno_flicker Job Type: windows_asan_chrome_no_sandbox Platform Id: windows Crash Type: Heap-buffer-overflow WRITE 8 Crash Address: 0x12a26f654b60 Crash State: mov_read_saio mov_read_default mov_read_default Sanitizer: address (ASAN) Recommended Security Severity: High Regressed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_no_sandbox&range=560370:560384 Fixed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_no_sandbox&range=565373:565374 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5037922353676288 See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Jun 8 2018
ClusterFuzz testcase 5037922353676288 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Jun 8 2018
Approved. branch:3440
,
Jun 12 2018
This issue has been approved for a merge. Please merge the fix to any appropriate branches as soon as possible! If all merges have been completed, please remove any remaining Merge-Approved labels from this issue. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jun 18 2018
This issue has been approved for a merge. Please merge the fix to any appropriate branches as soon as possible! If all merges have been completed, please remove any remaining Merge-Approved labels from this issue. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jun 18 2018
Pls merge you change to M68 branch 3440 ASAP so we can pick it up for this week Beta release. Merge has to happen latest by 1:00 PM PT tomorrow, Tuesday (06/19), so we can pick it up for Wednesday Beta release.
,
Jul 3
ping - has this been merged to 68?
,
Jul 3
Yes, it was merged as part of issue 849062
,
Jul 3
Hi modmaker@ - are you able to do the merge here?
,
Jul 3
,
Jul 3
Sorry, comment racing (not sure why it let me do that!)
,
Sep 12
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by ClusterFuzz
, May 27 2018Labels: Test-Predator-Auto-Components