Closed Bug 1202932 Opened 9 years ago Closed 9 years ago

ASan: heap-buffer-overflow in sec_asn1d_parse_more_identifier()

Tracking

(firefox43 affected)

Status:

RESOLVED INVALID

Tracking Flags:

Tracking

Status

firefox43

---

affected

People

(Reporter: tsmith, Unassigned)

References

(Blocks 1 open bug)

Details

(4 keywords)

Attachments

(2 files)

call_stack.txt 9 years ago Tyson Smith [:tsmith] 2.62 KB, text/plain		Details
test_case 9 years ago Tyson Smith [:tsmith] 1 byte, application/octet-stream		Details

Tyson Smith [:tsmith]

Reporter

Description

•

9 years ago

Attached file call_stack.txt — Details

I created a fuzzing harness by modifying the test attached to bug 1202868 to read from a file.

Tyson Smith [:tsmith]

Reporter

Comment 1

•

9 years ago

Attached file test_case — Details

Matt Wobensmith [:mwobensmith][:matt:]

Updated

•

9 years ago

Keywords: sec-high

Ryan Sleevi

Comment 2

•

9 years ago

Unable to reproduce this once the harness fix from https://bugzilla.mozilla.org/show_bug.cgi?id=1202868#c8 is applied.

Flags: needinfo?(twsmith)

Tyson Smith [:tsmith]

Reporter

Comment 3

•

9 years ago

Thanks for catching that Ryan. The harness has been updated and I no longer see this failure.

Status: NEW → RESOLVED

Closed: 9 years ago

Flags: needinfo?(twsmith)

Resolution: --- → INVALID

Daniel Veditz [:dveditz]

Updated

•

9 years ago

Group: crypto-core-security

You need to log in before you can comment on or make changes to this bug.

Bugzilla

ASan: heap-buffer-overflow in sec_asn1d_parse_more_identifier()

Categories

(NSS :: Libraries, defect)

Tracking

(firefox43 affected)

People

(Reporter: tsmith, Unassigned)

References

(Blocks 1 open bug)

Details

(4 keywords)

Crash Data

Security

(public)

User Story

Attachments

(2 files)

Description

Comment 1

Updated

Comment 2

Comment 3

Updated

Attachment

General

Description

File Name

Content Type