Issue 915647 link

Starred by 2 users

Issue metadata

Status:	Available
Owner:	----
Cc:	amistry@chromium.org yawano@chromium.org
Components:	Platform>Apps>FileManager
EstimatedDays:	----
NextAction:	----
OS:	Linux , Chrome
Pri:	2
Type:	Bug
Reproducible Stability-Libfuzzer Clusterfuzz Stability-UndefinedBehaviorSanitizer CrOSFilesFeature-Zip ClusterFuzz-Auto-CC

Integer-overflow in mz_zip_seek_to_local_header

Project Member Reported by ClusterFuzz, Dec 17

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5707530397024256

Fuzzer: libFuzzer_minizip_uncompress_fuzzer
Fuzz target binary: minizip_uncompress_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  mz_zip_seek_to_local_header
  mz_zip_entry_read_open
  minizip_uncompress_fuzzer.cc
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=617047:617048

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5707530397024256

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for instructions to reproduce this bug locally.

Project Member

Comment 1 by ClusterFuzz, Dec 17

Cc: yawano@chromium.org
Labels: ClusterFuzz-Auto-CC

Automatically adding ccs based on OWNERS file / target commit history.

If this is incorrect, please add ClusterFuzz-Wrong label.

Comment 2 by amistry@chromium.org, Dec 17

Cc: amistry@chromium.org
Components: Platform>Apps>FileManager
Labels: CrOSFilesFeature-Zip OS-Chrome
Status: Available (was: Untriaged)

►

Issue 915647 link

Issue metadata

Integer-overflow in mz_zip_seek_to_local_header

Issue description

Comment 1 by ClusterFuzz, Dec 17

Comment 1 Deleted

Comment 2 by amistry@chromium.org, Dec 17

Comment 2 Deleted

Sign in to add a comment