Closed Bug 1910071 Opened 4 months ago Closed 3 months ago

NSS TLS client fuzzer crashes in TlsMutators::ShuffleRecords

Tracking

(Not tracked)

Status:

RESOLVED FIXED

People

(Reporter: mdauer, Assigned: mdauer)

Details

Attachments

(1 file)

Bug 1910071 - Copy original corpus to heap-allocated buffer, r=djackson,jschanck 4 months ago Maurice Dauer [:mdauer] 48 bytes, text/x-phabricator-request		Details \| Review

Maurice Dauer [:mdauer]

Assignee

Description

•

4 months ago

The custom mutator copies the original corpus in a stack-allocated buffer:

  // Store the original corpus.
  uint8_t buf[size];
  memcpy(buf, data, size);

However, Bug 1903783 increased the size limits potentially causing the buffer to be too big to be stored on the stack.

Maurice Dauer [:mdauer]

Assignee

Comment 1

•

4 months ago

Attached file Bug 1910071 - Copy original corpus to heap-allocated buffer, r=djackson,jschanck — Details

Phabricator Automation

Updated

•

3 months ago

Attachment #9416252 - Attachment description: Bug 1910071 - Copy the original corpus in a heap-allocated buffer, r=jschanck → Bug 1910071 - Copy original corpus to heap-allocated buffer, r=djackson,jschanck

John Schanck [:jschanck]

Updated

•

3 months ago

Group: crypto-core-security

Severity: -- → S4

Priority: -- → P3

John Schanck [:jschanck]

Comment 2

•

3 months ago

https://hg.mozilla.org/projects/nss/rev/e51a2249b7ce71b41d348def29d1c480131dc347

Status: ASSIGNED → RESOLVED

Closed: 3 months ago

Resolution: --- → FIXED

You need to log in before you can comment on or make changes to this bug.

Bugzilla

NSS TLS client fuzzer crashes in TlsMutators::ShuffleRecords

Categories

(NSS :: Test, defect, P3)

Tracking

(Not tracked)

People

(Reporter: mdauer, Assigned: mdauer)

References

Details

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Comment 1

Updated

Updated

Comment 2

Attachment

General

Description

File Name

Content Type