
Issue metadata

Status: Verified
Owner: ----
Closed: Jan 13
Cc:
Type: Bug-Security




llvm/clang-fuzzer: Stack-buffer-overflow in clang::Lexer::LexAngledStringLiteral

Project Member Reported by ClusterFuzz-External, Oct 27 2017

Issue description

Detailed report: https://oss-fuzz.com/testcase?key=5625920451772416

Project: llvm
Fuzzer: libFuzzer_llvm_clang-fuzzer
Fuzz target binary: clang-fuzzer
Job Type: libfuzzer_asan_llvm
Platform Id: linux

Crash Type: Stack-buffer-overflow READ 1
Crash Address: 0x7f03c4273b38
Crash State:
  clang::Lexer::LexAngledStringLiteral
  clang::Lexer::LexTokenInternal
  clang::Lexer::Lex
  
Sanitizer: address (ASAN)

Recommended Security Severity: Medium

Reproducer Testcase: https://oss-fuzz.com/download?testcase_id=5625920451772416

Issue filed automatically.

See https://github.com/google/oss-fuzz/blob/master/docs/reproducing.md for more information.

When you fix this bug, please
  * mention the fix revision(s).
  * state whether the bug was a short-lived regression or an old bug in any stable releases.
  * add any other useful information.
This information can help downstream consumers.

If you have questions for the OSS-Fuzz team, please file an issue at https://github.com/google/oss-fuzz/issues.
 
Project Member

Comment 1 by ClusterFuzz-External, Dec 12 2017

Cc: akila_sr...@apple.com
Project Member

Comment 2 by ClusterFuzz-External, Dec 15 2017

Cc: akils...@apple.com
Project Member

Comment 3 by ClusterFuzz-External, Dec 18 2017

Cc: igm...@gmail.com
Project Member

Comment 4 by ClusterFuzz-External, Jan 5

Cc: mitchphi...@outlook.com
Project Member

Comment 5 by ClusterFuzz-External, Jan 12

Cc: xpl...@gmail.com
Project Member

Comment 6 by ClusterFuzz-External, Jan 13

ClusterFuzz has detected this issue as fixed in range 201801120612:201801130619.

Detailed report: https://oss-fuzz.com/testcase?key=5625920451772416

Project: llvm
Fuzzer: libFuzzer_llvm_clang-fuzzer
Fuzz target binary: clang-fuzzer
Job Type: libfuzzer_asan_llvm
Platform Id: linux

Crash Type: Stack-buffer-overflow READ 1
Crash Address: 0x7f03c4273b38
Crash State:
  clang::Lexer::LexAngledStringLiteral
  clang::Lexer::LexTokenInternal
  clang::Lexer::Lex
  
Sanitizer: address (ASAN)

Recommended Security Severity: Medium

Fixed: https://oss-fuzz.com/revisions?job=libfuzzer_asan_llvm&range=201801120612:201801130619

Reproducer Testcase: https://oss-fuzz.com/download?testcase_id=5625920451772416

See https://github.com/google/oss-fuzz/blob/master/docs/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 7 by ClusterFuzz-External, Jan 13

Labels: ClusterFuzz-Verified
Status: Verified (was: New)
ClusterFuzz testcase 5625920451772416 is verified as fixed, so closing issue as verified.

If this is incorrect, please file a bug on https://github.com/google/oss-fuzz/issues/new
Bug was fixed in Clang in revision 322390. With the provided test case it became reproducible in March 2017. Based on the code, the bug was present before that; probably other changes made it easier to reproduce.
