Heap-use-after-free in ui::I18nSourceStream::FilterData |
||||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=4995352592384000 Fuzzer: phoglund_webrtc_peerconnection Job Type: linux_asan_chrome_v8_arm Platform Id: linux Crash Type: Heap-use-after-free READ 4 Crash Address: 0xd397f5a8 Crash State: ui::I18nSourceStream::FilterData net::FilterSourceStream::DoFilterData net::FilterSourceStream::DoLoop Sanitizer: address (ASAN) Recommended Security Severity: High Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_v8_arm&range=575072:575074 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4995352592384000 Additional requirements: Requires Gestures Additional requirements: Requires HTTP Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
,
Jul 18
,
Jul 18
This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it. If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jul 18
,
Jul 18
dschuyler@ Could you take a look or help find an owner? It looks like you were the last person to change the logic in https://cs.chromium.org/chromium/src/ui/base/webui/i18n_source_stream.cc?l=63 (in https://codereview.chromium.org/2601313002). The caller in this stacktrace is https://cs.chromium.org/chromium/src/net/filter/filter_source_stream.cc?q=net/filter/filter_source_stream.cc:157&sq=package:chromium&g=0&l=157. The clusterfuzz regression range is not helpful unfortunately. (Applying labels: I think this affects all platforms.)
,
Jul 25
,
Jul 31
,
Aug 2
ClusterFuzz has detected this issue as fixed in range 579993:579994. Detailed report: https://clusterfuzz.com/testcase?key=4995352592384000 Fuzzer: phoglund_webrtc_peerconnection Job Type: linux_asan_chrome_v8_arm Platform Id: linux Crash Type: Heap-use-after-free READ 4 Crash Address: 0xd397f5a8 Crash State: ui::I18nSourceStream::FilterData net::FilterSourceStream::DoFilterData net::FilterSourceStream::DoLoop Sanitizer: address (ASAN) Recommended Security Severity: High Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_v8_arm&range=575072:575074 Fixed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_v8_arm&range=579993:579994 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4995352592384000 Additional requirements: Requires Gestures Additional requirements: Requires HTTP See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Nov 7
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
||||||||
►
Sign in to add a comment |
||||||||
Comment 1 by ClusterFuzz
, Jul 18Labels: Test-Predator-Auto-Components