
Issue 868754


Issue metadata

Status: WontFix
Owner: ----
Closed: Jul 30
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security




stack overflow during XSLT processing

Reported by xshadow...@gmail.com, Jul 30

Issue description

VULNERABILITY DETAILS
It seems to be a stack overflow during XSLT processing. This crash was found by my fuzz tool.

VERSION
Chrome Version: [68.0.3440.75] + [stable]
Operating System: [win7 x64]

REPRODUCTION CASE
The attachment contains the PoC file, the dump file and the binary file.

 
Attachment: chrome.rar (26.0 MB)
Project Member

Comment 1 by ClusterFuzz, Jul 30

ClusterFuzz is analyzing your testcase. Developers can follow the progress at https://clusterfuzz.com/testcase?key=6118419699859456.
Project Member

Comment 2 by ClusterFuzz, Jul 30

Labels: Security_Impact-Head
Summary: <no crash state available> (was: Security: stack overflow during XSLT processing)
Testcase 6118419699859456 failed to reproduce the crash. Please inspect the program output at https://clusterfuzz.com/testcase?key=6118419699859456.
Summary: stack overflow during XSLT processing (was: <no crash state available>)
Status: WontFix (was: Unconfirmed)
Though this is reporting template recursion, it seems that it's detected and handled by libxslt. Even so, we don't generally consider stack overflows to be security bugs.
Project Member

Comment 5 by sheriffbot@chromium.org, Nov 6

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
