Issue metadata
Sign in to add a comment
|
Heap-buffer-overflow in av_encryption_init_info_add_side_data |
||||||||||||||||||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=4905442384543744 Fuzzer: libFuzzer_media_pipeline_integration_fuzzer Job Type: libfuzzer_chrome_asan_debug Platform Id: linux Crash Type: Heap-buffer-overflow WRITE {*} Crash Address: 0x6100000081ac Crash State: av_encryption_init_info_add_side_data mov_read_pssh mov_read_default Sanitizer: address (ASAN) Recommended Security Severity: High Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=582254:582257 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4905442384543744 Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
,
Aug 13
Automatically adding ccs based on suspected regression changelists: libavutil/encryption_info: Allow multiple init info. by modmaker@google.com - https://chromium.googlesource.com/chromium/third_party/ffmpeg/+/b86c5757a2bf2a589b3982d6b85401165deb4958 avformat/mov: Expose encryption info to the app. by modmaker@google.com - https://chromium.googlesource.com/chromium/third_party/ffmpeg/+/7e22f5d457fa042292741c1f5c38232ba10dbea2 If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label.
,
Aug 13
,
Aug 13
The following revision refers to this bug: https://chromium.googlesource.com/chromium/third_party/ffmpeg/+/a69bb2d3a1420cc4eed7b37e99cd3145a091a59d commit a69bb2d3a1420cc4eed7b37e99cd3145a091a59d Author: Jacob Trimble <modmaker@google.com> Date: Mon Aug 13 22:51:47 2018 avutil/encryption_info: Fix size calculation. Bug: 873693 Change-Id: Ibc46ef48e86e38a17f0bb833c1ff972f9dde37d6 Reviewed-on: https://chromium-review.googlesource.com/1173449 Reviewed-by: Dale Curtis <dalecurtis@chromium.org> [modify] https://crrev.com/a69bb2d3a1420cc4eed7b37e99cd3145a091a59d/libavutil/encryption_info.c [modify] https://crrev.com/a69bb2d3a1420cc4eed7b37e99cd3145a091a59d/chromium/patches/README
,
Aug 14
This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it. If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Aug 14
,
Aug 15
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/316c4b89a0eca5af9c3ba3766c029f62eed5c325 commit 316c4b89a0eca5af9c3ba3766c029f62eed5c325 Author: Dale Curtis <dalecurtis@chromium.org> Date: Wed Aug 15 00:48:11 2018 Roll src/third_party/ffmpeg/ 5659adb8f..ddbe19a87 (2 commits) https://chromium.googlesource.com/chromium/third_party/ffmpeg.git/+log/5659adb8fc6f..ddbe19a87228 $ git log 5659adb8f..ddbe19a87 --date=short --no-merges --format='%ad %ae %s' 2018-08-14 modmaker avformat/mov: Allow saio/saiz in clear content. 2018-08-13 modmaker avutil/encryption_info: Fix size calculation. Created with: roll-dep src/third_party/ffmpeg Bug: 873432 , 873693 Change-Id: I2d15352a47c30de4bf75df064388a8d3803930c2 Tbr: tguilbert Reviewed-on: https://chromium-review.googlesource.com/1175147 Reviewed-by: Dale Curtis <dalecurtis@chromium.org> Reviewed-by: Thomas Guilbert <tguilbert@chromium.org> Commit-Queue: Dale Curtis <dalecurtis@chromium.org> Cr-Commit-Position: refs/heads/master@{#583108} [modify] https://crrev.com/316c4b89a0eca5af9c3ba3766c029f62eed5c325/DEPS
,
Aug 15
ClusterFuzz has detected this issue as fixed in range 583105:583110. Detailed report: https://clusterfuzz.com/testcase?key=4905442384543744 Fuzzer: libFuzzer_media_pipeline_integration_fuzzer Job Type: libfuzzer_chrome_asan_debug Platform Id: linux Crash Type: Heap-buffer-overflow WRITE {*} Crash Address: 0x6100000081ac Crash State: av_encryption_init_info_add_side_data mov_read_pssh mov_read_default Sanitizer: address (ASAN) Recommended Security Severity: High Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=582254:582257 Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=583105:583110 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4905442384543744 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Aug 15
ClusterFuzz testcase 4905442384543744 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Aug 15
,
Aug 15
,
Nov 21
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by ClusterFuzz
, Aug 13Labels: Test-Predator-Auto-Components