Closed Bug 1202936 Opened 9 years ago Closed 9 years ago

ASan: heap-buffer-overflow in sec_asn1d_parse_identifier()

Categories

(NSS :: Libraries, defect)

Product:
NSS
Component:
Libraries
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(firefox43 affected)

Status:
RESOLVED INVALID
Tracking Flags:
Tracking Status
firefox43 --- affected

People

(Reporter: tsmith, Unassigned)

References

(Blocks 1 open bug)

Details

(4 keywords)

Attachments

(2 files, 1 obsolete file)

test_case
6 bytes, application/octet-stream
Details
call_stack.txt
2.62 KB, text/plain
Details
Attached file call_stack.txt (obsolete) —
I created a fuzzing harness by modifying the test attached to bug 1202868 to read from a file.
Attached file test_case
Summary: ASan: heap-buffer-overflow in sec_asn1d_parse_more_identifier() → ASan: heap-buffer-overflow in sec_asn1d_parse_identifier()
Attached file call_stack.txt
Attachment #8658469 - Attachment is obsolete: true
Tyson: I believe this is a harness bug. I'm unable to reproduce with the fix from https://bugzilla.mozilla.org/show_bug.cgi?id=1202868#c8 applied.
Flags: needinfo?(twsmith)
Thanks for catching that Ryan. The harness has been updated and I no longer see this failure.
Status: NEW → RESOLVED
Closed: 9 years ago
Flags: needinfo?(twsmith)
Resolution: --- → INVALID
Group: crypto-core-security
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: