gpsd-dev

Re: Issue 52037 in oss-fuzz: gpsd:FuzzJson: Use-after-poison in json_int


From: Gary E. Miller
Subject: Re: Issue 52037 in oss-fuzz: gpsd:FuzzJson: Use-after-poison in json_internal_read_object
Date: Mon, 3 Oct 2022 15:02:00 -0700

Yo ClusterFuzz-External!

> This is the only one, so far, that may be interesting.  What is the
> input that led to this result?

This one is also invalid.  It calls an internal function.  The function
that calls the internal function already did the proper length checks.

So, one good one, 3 false positives.  And no way to mark it as a
false positive.

> 
> On Sat, 01 Oct 2022 08:39:12 -0700
> ClusterFuzz-External via monorail <monorail+v2.382749006@chromium.org>
> wrote:
> 
> > Status: New
> > Owner: ----
> > CC: gpsd-...@nongnu.org, ajsin...@gmail.com, g...@rellim.com 
> > Labels: Restrict-View-Commit ClusterFuzz
> > Stability-Memory-AddressSanitizer Reproducible Stability-AFL
> > OS-Linux Engine-afl Security_Severity-High Reported-2022-10-01
> > Proj-gpsd Type: Bug-Security
> > 
> > New issue 52037 by ClusterFuzz-External: gpsd:FuzzJson:
> > Use-after-poison in json_internal_read_object
> > https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52037
> > 
> > Detailed Report: https://oss-fuzz.com/testcase?key=4919267284090880
> > 
> > Project: gpsd
> > Fuzzing Engine: afl
> > Fuzz Target: FuzzJson
> > Job Type: afl_asan_gpsd
> > Platform Id: linux
> > 
> > Crash Type: Use-after-poison READ 1
> > Crash Address: 0x7f4cc55fd01b
> > Crash State:
> >   json_internal_read_object
> >   json_error_read
> >   libgps_json_unpack
> >   
> > Sanitizer: address (ASAN)
> > 
> > Recommended Security Severity: High
> > 
> > Crash Revision:
> > https://oss-fuzz.com/revisions?job=afl_asan_gpsd&revision=202210010601
> > 
> > Reproducer Testcase:
> > https://oss-fuzz.com/download?testcase_id=4919267284090880
> > 
> > Issue filed automatically.
> > 
> > See https://google.github.io/oss-fuzz/advanced-topics/reproducing
> > for instructions to reproduce this bug locally. When you fix this
> > bug, please
> >   * mention the fix revision(s).
> >   * state whether the bug was a short-lived regression or an old bug
> > in any stable releases.
> >   * add any other useful information.
> > This information can help downstream consumers.
> > 
> > If you need to contact the OSS-Fuzz team with a question, concern,
> > or any other feedback, please file an issue at
> > https://github.com/google/oss-fuzz/issues. Comments on individual
> > Monorail issues are not monitored.
> > 
> > This bug is subject to a 90 day disclosure deadline. If 90 days
> > elapse without an upstream patch, then the bug report will
> > automatically become visible to the public.
> >   
> 
> 
> 
> 
> RGDS
> GARY
> ---------------------------------------------------------------------------
> Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
>       gem@rellim.com  Tel:+1 541 382 8588
> 
>           Veritas liberabit vos. -- Quid est veritas?
>     "If you can't measure it, you can't improve it." - Lord Kelvin




RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
        gem@rellim.com  Tel:+1 541 382 8588

            Veritas liberabit vos. -- Quid est veritas?
    "If you can't measure it, you can't improve it." - Lord Kelvin
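The point made above, that a sanitizer hit inside an internal routine can be a false positive when the harness skips the entry point that already did the length checks, as an added example. This is not gpsd code and not the FuzzJson target: the names demo_json_unpack, demo_json_read_internal and harness_run are hypothetical, the parse is a stand-in, and poisoning the tail of an oversized copy with __asan_poison_memory_region is an assumed way to reproduce the "use-after-poison" class of report, not a statement about what the OSS-Fuzz AFL driver does for gpsd.

```c
/*
 * Added example, not gpsd code.  Shows the caller/callee contract that
 * makes a sanitizer report in an internal routine a false positive when a
 * fuzz harness calls that routine directly.  All names are hypothetical.
 */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Poisoning only exists under AddressSanitizer; elsewhere it is a no-op. */
#if defined(__has_feature)
#  if __has_feature(address_sanitizer)
#    define DEMO_ASAN 1
#  endif
#elif defined(__SANITIZE_ADDRESS__)
#  define DEMO_ASAN 1
#endif
#ifdef DEMO_ASAN
#  include <sanitizer/asan_interface.h>
#  define POISON(p, n)   __asan_poison_memory_region((p), (n))
#  define UNPOISON(p, n) __asan_unpoison_memory_region((p), (n))
#else
#  define POISON(p, n)   ((void)0)
#  define UNPOISON(p, n) ((void)0)
#endif

enum { DEMO_OK = 0, DEMO_ERR_EMPTY = -1, DEMO_ERR_SYNTAX = -2, DEMO_ERR_HARNESS = -99 };

/*
 * Internal routine (hypothetical).  Precondition, documented but not
 * re-checked here: buf points to at least one readable byte.  The public
 * wrapper guarantees that; a harness calling this directly does not.
 */
static int demo_json_read_internal(const char *buf, size_t len)
{
    size_t i;
    if (buf[0] != '{')              /* a 1-byte READ that trusts the caller */
        return DEMO_ERR_SYNTAX;
    for (i = 1; i < len; i++)       /* stand-in parse: find the closing brace */
        if (buf[i] == '}')
            return DEMO_OK;
    return DEMO_ERR_SYNTAX;         /* no '}' within len */
}

/* Public entry point (hypothetical): does the length check, then hands off. */
int demo_json_unpack(const char *buf, size_t len)
{
    if (len == 0)
        return DEMO_ERR_EMPTY;
    return demo_json_read_internal(buf, len);
}

/*
 * Harness model (assumed mechanism): copy the input into a larger buffer
 * and poison everything past the data, so any read beyond the input is
 * reported by ASAN as "use-after-poison".  via_public selects whether the
 * harness goes through the checked entry point or straight into the
 * internal routine.
 */
#define HARNESS_BUF 4096

int harness_run(const unsigned char *data, size_t len, int via_public)
{
    char *buf;
    int rc;

    if (len > HARNESS_BUF)
        return DEMO_ERR_HARNESS;
    buf = calloc(1, HARNESS_BUF);   /* zeroed so the non-ASAN build is deterministic */
    if (buf == NULL)
        return DEMO_ERR_HARNESS;
    memcpy(buf, data, len);
    POISON(buf + len, HARNESS_BUF - len);

    rc = via_public ? demo_json_unpack(buf, len)
                    : demo_json_read_internal(buf, len);

    UNPOISON(buf + len, HARNESS_BUF - len);
    free(buf);
    return rc;
}

int main(void)
{
    /* Through the public entry point: empty input is rejected cleanly. */
    printf("public,   empty -> %d\n", harness_run((const unsigned char *)"", 0, 1));
    printf("public,   \"{}\"  -> %d\n", harness_run((const unsigned char *)"{}", 2, 1));
    /* Straight into the internal routine with empty input: buf[0] lies in
       the poisoned tail, so an ASAN build aborts here with a
       "use-after-poison READ 1" in demo_json_read_internal.  Without ASAN
       it just reads the zero byte and reports a syntax error. */
    printf("internal, empty -> %d\n", harness_run((const unsigned char *)"", 0, 0));
    return 0;
}
```

The report in this model comes entirely from the harness choosing the internal routine; the same input through demo_json_unpack never reaches the unchecked read. That is the check a practitioner wants before triaging such a finding: is the crashing function reachable from the project's public API with that input, or only from the fuzz target?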


