Closed
Bug 1320326
Opened 8 years ago
Closed 8 years ago
UBSan: ssl3_ConsumeHandshakeNumber(): left shift of 14025209 by 8 places cannot be represented in type 'PRInt32'
Categories
(NSS :: Libraries, defect)
NSS
Libraries
Tracking
(Not tracked)
RESOLVED
FIXED
3.29
People
(Reporter: ttaubert, Assigned: ttaubert)
References
(Blocks 1 open bug)
Details
(Keywords: sec-low)
Attachments
(1 file)
|
15.06 KB,
application/octet-stream
|
Details |
../../lib/ssl/ssl3con.c:4370:20: runtime error: left shift of 14025209 by 8 places cannot be represented in type 'PRInt32' (aka 'int')
#0 0x592c78 in ssl3_ConsumeHandshakeNumber /home/worker/nss/out/Debug/../../lib/ssl/ssl3con.c:4370:20
#1 0x55de1a in tls13_HandleNewSessionTicket /home/worker/nss/out/Debug/../../lib/ssl/tls13con.c:3867:11
#2 0x558777 in tls13_HandlePostHelloHandshakeMessage /home/worker/nss/out/Debug/../../lib/ssl/tls13con.c:588:20
#3 0x5c68b3 in ssl3_HandleHandshakeMessage /home/worker/nss/out/Debug/../../lib/ssl/ssl3con.c:11799:22
#4 0x5d17d3 in ssl3_HandleHandshake /home/worker/nss/out/Debug/../../lib/ssl/ssl3con.c:11985:18
#5 0x5cd507 in ssl3_HandleRecord /home/worker/nss/out/Debug/../../lib/ssl/ssl3con.c:12753:22
#6 0x616a0a in ssl3_GatherCompleteHandshake /home/worker/nss/out/Debug/../../lib/ssl/ssl3gthr.c:407:18
#7 0x61ac5b in ssl3_GatherAppDataRecord /home/worker/nss/out/Debug/../../lib/ssl/ssl3gthr.c:552:14
#8 0x531f78 in DoRecv /home/worker/nss/out/Debug/../../lib/ssl/sslsecur.c:566:14
#9 0x5315cb in ssl_SecureRecv /home/worker/nss/out/Debug/../../lib/ssl/sslsecur.c:870:10
#10 0x532a2c in ssl_SecureRead /home/worker/nss/out/Debug/../../lib/ssl/sslsecur.c:879:12
#11 0x54ce95 in ssl_Read /home/worker/nss/out/Debug/../../lib/ssl/sslsock.c:2735:10
#12 0x7fc4e4443ad0 in PR_Read /home/worker/nspr/Debug/pr/src/io/../../../../pr/src/io/priometh.c:109:9
#13 0x4fd893 in client_fuzzing_target /home/worker/nss/out/Debug/../../fuzz/client_target.cc:354:18
#14 0x64500b in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /home/worker/nss/out/Debug/../../fuzz/libFuzzer/FuzzerLoop.cpp:515:13
#15 0x6451b7 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long) /home/worker/nss/out/Debug/../../fuzz/libFuzzer/FuzzerLoop.cpp:469:3
#16 0x64608d in fuzzer::Fuzzer::MutateAndTestOne() /home/worker/nss/out/Debug/../../fuzz/libFuzzer/FuzzerLoop.cpp:701:30
#17 0x646347 in fuzzer::Fuzzer::Loop() /home/worker/nss/out/Debug/../../fuzz/libFuzzer/FuzzerLoop.cpp:734:5
#18 0x639e3a in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /home/worker/nss/out/Debug/../../fuzz/libFuzzer/FuzzerDriver.cpp:525:6
#19 0x51be68 in main /home/worker/nss/out/Debug/../../fuzz/nssfuzz.cc:147:10
#20 0x7fc4e4f9b82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#21 0x42f398 in _start (/home/worker/dist/Debug/bin/nssfuzz+0x42f398)
SUMMARY: AddressSanitizer: undefined-behavior ../../lib/ssl/ssl3con.c:4370:20 in
|
Assignee | |
Comment 1•8 years ago
|
||
|
|
Assignee | |
Comment 2•8 years ago
|
||
https://nss-review.dev.mozaws.net/D97
|
|
Assignee | |
Updated•8 years ago
|
Assignee: nobody → ttaubert
Status: NEW → ASSIGNED
|
|
Assignee | |
Comment 3•8 years ago
|
||
https://treeherder.mozilla.org/#/jobs?repo=nss-try&revision=0b776b54ee7d2c3561406f8dec844652deef350c
|
|
Assignee | |
Comment 4•8 years ago
|
||
https://hg.mozilla.org/projects/nss/rev/e2fc4c464d50
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.29
|
||
Updated•8 years ago
|
Group: crypto-core-security → core-security-release
|
|
||
Updated•5 years ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•