
Issue 525 link

Starred by 2 users

Issue metadata

Status: WontFix
Owner: ----
Closed: Jun 2017
Type: Bug


irssi: Integer-overflow in get_ansi_color

Project Member Reported by ClusterFuzz-External, Feb 3 2017

Issue description

Detailed report:

Project: irssi
Fuzzer: libFuzzer_irssi_irssi-fuzz
Fuzz target binary: irssi-fuzz
Job Type: libfuzzer_ubsan_irssi
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
Sanitizer: undefined (UBSAN)

Reproducer Testcase:

Issue filed automatically.

See for more information.

This bug is subject to a 90 day disclosure deadline. If 90 days elapse
without an upstream patch, then the bug report will automatically
become visible to the public.
Project Member Comment 1 by, Feb 24 2017

Labels: Engine-libfuzzer
Project Member Comment 2 by ClusterFuzz-External, Mar 16 2017

Labels: OS-Linux
Project Member Comment 3 by, Apr 27 2017

Labels: Deadline-Approaching
This bug is approaching its deadline for being fixed, and will be automatically derestricted within 7 days. If a fix is planned within 2 weeks after the deadline has passed, a grace extension can be granted.

- Your friendly Sheriffbot

Comment 4 by, May 3 2017

An extension would be nice.

I've had a fix for this particular issue for a while already, but there are many similar pieces of code with the pattern "output * 10 + (*input - '0')", and there are other potential integer overflows even after that part of the number parsing is done.
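Added illustration, not irssi's code and not part of the original thread: the digit-accumulation pattern quoted in the comment above, shown next to a bounds-checked variant that refuses to grow past a caller-supplied ceiling, plus a small SGR-style parameter splitter built on it. The helper names, the parameter-list format and the sample strings are assumptions made for this demo.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* The pattern named in the comment above (hypothetical helper, not irssi's
 * code). Each digit multiplies the accumulator by 10; once `output` passes
 * INT_MAX / 10 the next step is signed overflow, which is undefined
 * behaviour in C and is exactly what UBSAN reports. Kept only to show the
 * shape; it must not be fed untrusted digit runs. */
static int parse_digits_unchecked(const char *input)
{
    int output = 0;
    while (*input >= '0' && *input <= '9')
        output = output * 10 + (*input++ - '0');
    return output;
}

/* Hardened variant. Parses a run of ASCII digits into *out, refusing to
 * accumulate past `max` (a caller-supplied ceiling; for SGR colour
 * parameters a small ceiling such as 255 is plenty). The candidate value is
 * computed in long long before the int is updated, so no intermediate can
 * overflow. Returns false on overflow and leaves *out untouched; *end
 * receives the first non-digit either way so the caller can resync. */
static bool parse_digits_checked(const char *input, int max, int *out,
                                 const char **end)
{
    int value = 0;
    const char *p = input;

    for (; *p >= '0' && *p <= '9'; p++) {
        long long next = (long long)value * 10 + (*p - '0');
        if (next > max) {
            /* Skip the remainder of the digit run before reporting. */
            while (*p >= '0' && *p <= '9')
                p++;
            if (end)
                *end = p;
            return false;
        }
        value = (int)next;
    }
    if (end)
        *end = p;
    *out = value;
    return true;
}

/* Assumed SGR-style parameter list such as "38;5;196m" (constructed sample):
 * split on ';' and bound every value. Returns the number of parameters
 * stored, or -1 on overflow, an empty parameter, an unexpected byte, or
 * more parameters than the caller has room for. */
static int parse_sgr_params(const char *s, int max, int *params, int nparams)
{
    const char *p = s;
    int count = 0;

    while (count < nparams) {
        int v;
        const char *end;

        if (!parse_digits_checked(p, max, &v, &end) || end == p)
            return -1;
        params[count++] = v;

        if (*end == ';') {
            p = end + 1;
            continue;
        }
        if (*end == '\0' || *end == 'm')
            return count;
        return -1;
    }
    return -1;
}

int main(void)
{
    int params[4];
    int n;

    printf("unchecked \"42\" -> %d\n", parse_digits_unchecked("42"));

    n = parse_sgr_params("38;5;196m", 255, params, 4);
    printf("\"38;5;196m\" -> %d params\n", n);

    /* A digit run far longer than any int: the unchecked parser would
     * overflow here, the checked one reports an error instead. */
    n = parse_sgr_params("1;99999999999999999999m", 255, params, 4);
    printf("\"1;9999...m\" -> %d (overflow rejected)\n", n);
    return 0;
}
```

The ceiling check happens before the accumulator is updated, which is the property that matters: a parser that only checks the final value has already executed the undefined multiplication by then. Passing a domain-appropriate `max` (255 for a colour index) also addresses the comment's second point, since downstream arithmetic on the parsed value starts from a known-small number.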
Project Member Comment 5 by, May 3 2017

Labels: Deadline-Grace
Sure, we've extended the deadline by 14 days.

Comment 6 by, May 17 2017

Here's a fix for this and the other related integer overflow issues.

We've decided to handle it publicly in GitHub since I'm almost completely sure it's not security relevant (took me way too long to be sure of that, and I still think it's possible compilers could find a way to mess it up given enough evil optimizations, but even those are unlikely to have serious consequences).

I guess ClusterFuzz won't see the fix for a while (the PR still needs to be reviewed by the others) but of course it's okay if this gets derestricted.

Project Member Comment 7 by, May 18 2017

Labels: -restrict-view-commit -deadline-approaching Deadline-Exceeded
This bug has exceeded our disclosure deadline. It has been opened to the public.

- Your friendly Sheriffbot
Project Member Comment 8 by ClusterFuzz-External, Jun 17 2017

Status: WontFix (was: New)
ClusterFuzz testcase 5070269957799936 is flaky and no longer reproduces, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Comment 9 by, Jun 17 2017

Uh, does that mean it no longer reproduces against the original revision? Because it's fixed in current git master.
