[llvm-bugs] Issue 12897 in oss-fuzz: llvm/llvm-microsoft-demangle-fuzzer: Heap-buffer-overflow in llvm::ms_demangle::Node** llvm::ms_demangle::ArenaAllocator::allocArray
Updates: Labels: ClusterFuzz-Verified Status: Verified Comment #7 on issue 12897 by ClusterFuzz-External: llvm/llvm-microsoft-demangle-fuzzer: Heap-buffer-overflow in llvm::ms_demangle::Node** llvm::ms_demangle::ArenaAllocator::allocArray https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12897#c7 ClusterFuzz testcase 5647811742269440 is verified as fixed, so closing issue as verified. If this is incorrect, please file a bug on https://github.com/google/oss-fuzz/issues/new -- You received this message because: 1. You were specifically CC'd on the issue You may adjust your notification preferences at: https://bugs.chromium.org/hosting/settings Reply to this email to add a comment. ___ llvm-bugs mailing list llvm-bugs@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs
[llvm-bugs] Issue 12897 in oss-fuzz: llvm/llvm-microsoft-demangle-fuzzer: Heap-buffer-overflow in llvm::ms_demangle::Node** llvm::ms_demangle::ArenaAllocator::allocArray
Comment #6 on issue 12897 by ClusterFuzz-External:
llvm/llvm-microsoft-demangle-fuzzer: Heap-buffer-overflow in
llvm::ms_demangle::Node**
llvm::ms_demangle::ArenaAllocator::allocArray
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12897#c6
ClusterFuzz has detected this issue as fixed in range
201903270300:201904052014.
Detailed report: https://oss-fuzz.com/testcase?key=5647811742269440
Project: llvm
Fuzzer: libFuzzer_llvm_llvm-microsoft-demangle-fuzzer
Fuzz target binary: llvm-microsoft-demangle-fuzzer
Job Type: libfuzzer_asan_llvm
Platform Id: linux
Crash Type: Heap-buffer-overflow WRITE {*}
Crash Address: 0x62130900
Crash State:
llvm::ms_demangle::Node**
llvm::ms_demangle::ArenaAllocator::allocArray
llvm::ms_demangle::Demangler::demangleArrayType
llvm::ms_demangle::Demangler::demangleType
Sanitizer: address (ASAN)
Recommended Security Severity: High
Regressed:
https://oss-fuzz.com/revisions?job=libfuzzer_asan_llvm=201901070410:201901080410
Fixed:
https://oss-fuzz.com/revisions?job=libfuzzer_asan_llvm=201903270300:201904052014
Reproducer Testcase:
https://oss-fuzz.com/download?testcase_id=5647811742269440
See https://github.com/google/oss-fuzz/blob/master/docs/reproducing.md for
instructions to reproduce this bug locally.
If you suspect that the result above is incorrect, try re-doing that job on
the test case report page.
--
You received this message because:
1. You were specifically CC'd on the issue
You may adjust your notification preferences at:
https://bugs.chromium.org/hosting/settings
Reply to this email to add a comment.
___
llvm-bugs mailing list
llvm-bugs@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs
[llvm-bugs] Issue 12897 in oss-fuzz: llvm/llvm-microsoft-demangle-fuzzer: Heap-buffer-overflow in llvm::ms_demangle::Node** llvm::ms_demangle::ArenaAllocator::allocArray
Comment #5 on issue 12897 by infe...@chromium.org: llvm/llvm-microsoft-demangle-fuzzer: Heap-buffer-overflow in llvm::ms_demangle::Node** llvm::ms_demangle::ArenaAllocator::allocArray https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12897#c5 Can you try accessing it again. -- You received this message because: 1. You were specifically CC'd on the issue You may adjust your notification preferences at: https://bugs.chromium.org/hosting/settings Reply to this email to add a comment. ___ llvm-bugs mailing list llvm-bugs@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs
[llvm-bugs] Issue 12897 in oss-fuzz: llvm/llvm-microsoft-demangle-fuzzer: Heap-buffer-overflow in llvm::ms_demangle::Node** llvm::ms_demangle::ArenaAllocator::allocArray
Comment #4 on issue 12897 by tha...@chromium.org: llvm/llvm-microsoft-demangle-fuzzer: Heap-buffer-overflow in llvm::ms_demangle::Node** llvm::ms_demangle::ArenaAllocator::allocArray https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12897#c4 https://reviews.llvm.org/D60202 fixes at least the repro case attached to this bug. I don't have permissions to view https://oss-fuzz.com/testcase-detail/5647811742269440 so I can't check if other cases still trigger this. -- You received this message because: 1. You were specifically CC'd on the issue You may adjust your notification preferences at: https://bugs.chromium.org/hosting/settings Reply to this email to add a comment. ___ llvm-bugs mailing list llvm-bugs@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs
[llvm-bugs] Issue 12897 in oss-fuzz: llvm/llvm-microsoft-demangle-fuzzer: Heap-buffer-overflow in llvm::ms_demangle::Node** llvm::ms_demangle::ArenaAllocator::allocArray
Status: New
Owner:
CC: k...@google.com, masc...@google.com, jdevlieg...@apple.com,
igm...@gmail.com, eney...@google.com, llvm-b...@lists.llvm.org,
j...@chromium.org, v...@apple.com, mitchphi...@outlook.com,
xpl...@gmail.com, akils...@apple.com
Labels: ClusterFuzz Stability-Memory-AddressSanitizer Reproducible
Engine-libfuzzer Proj-llvm Security_Severity-High Reported-2019-02-04
Type: Bug-Security
New issue 12897 by ClusterFuzz-External:
llvm/llvm-microsoft-demangle-fuzzer: Heap-buffer-overflow in
llvm::ms_demangle::Node**
llvm::ms_demangle::ArenaAllocator::allocArray
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12897
Detailed report: https://oss-fuzz.com/testcase?key=5647811742269440
Project: llvm
Fuzzer: libFuzzer_llvm_llvm-microsoft-demangle-fuzzer
Fuzz target binary: llvm-microsoft-demangle-fuzzer
Job Type: libfuzzer_asan_llvm
Platform Id: linux
Crash Type: Heap-buffer-overflow WRITE {*}
Crash Address: 0x62130900
Crash State:
llvm::ms_demangle::Node**
llvm::ms_demangle::ArenaAllocator::allocArray
llvm::ms_demangle::Demangler::demangleArrayType
llvm::ms_demangle::Demangler::demangleType
Sanitizer: address (ASAN)
Recommended Security Severity: High
Regressed:
https://oss-fuzz.com/revisions?job=libfuzzer_asan_llvm=201901070410:201901080410
Reproducer Testcase:
https://oss-fuzz.com/download?testcase_id=5647811742269440
Issue filed automatically.
See https://github.com/google/oss-fuzz/blob/master/docs/reproducing.md for
instructions to reproduce this bug locally.
When you fix this bug, please
* mention the fix revision(s).
* state whether the bug was a short-lived regression or an old bug in any
stable releases.
* add any other useful information.
This information can help downstream consumers.
If you need to contact the OSS-Fuzz team with a question, concern, or any
other feedback, please file an issue at
https://github.com/google/oss-fuzz/issues.
--
You received this message because:
1. You were specifically CC'd on the issue
You may adjust your notification preferences at:
https://bugs.chromium.org/hosting/settings
Reply to this email to add a comment.
___
llvm-bugs mailing list
llvm-bugs@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs
