Issue 1999083003: UBSAN: Fix left-shifts of negative values in webusb_descriptors.cc.

Issue 1999083003: UBSAN: Fix left-shifts of negative values in webusb_descriptors.cc. (Closed)

Created:
4 years, 7 months ago by Reilly Grant (use Gerrit)

Modified:
4 years, 7 months ago

Reviewers:
juncai

CC:
chromium-reviews

Base URL:
https://chromium.googlesource.com/chromium/src.git@master

Target Ref:
refs/pending/heads/master

Project:
chromium

Visibility:
Public.

More Reviews

Description

UBSAN: Fix left-shifts of negative values in webusb_descriptors.cc. ClusterFuzz found that OnReadWebUsbAllowedOriginsHeader and OnReadBosDescriptorHeader will left-shift the char* returned by IOBuffer::data() which is undefined if the value is negative. This pointer should be cast to a uint8_t* before being dereferenced. BUG=613693 Committed: https://crrev.com/ca857e0b1ee85aaaf8882f0eb5b5c32ea8fae45b Cr-Commit-Position: refs/heads/master@{#395181}

Patch Set 1 #

Created: 4 years, 7 months ago

Download [raw] [tar.bz2]

		Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+4 lines, -2 lines)			Patch
	M	device/usb/webusb_descriptors.cc	View		2 chunks	+4 lines, -2 lines	0 comments	Download

Messages

Total messages: 9 (4 generated)

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1999083003/1 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1999083003/1

4 years, 7 months ago (2016-05-20 22:11:57 UTC) #6

commit-bot: I haz the power

4 years, 7 months ago (2016-05-20 22:22:49 UTC) #9

Message was sent while issue was closed.

Patchset 1 (id:??) landed as
https://crrev.com/ca857e0b1ee85aaaf8882f0eb5b5c32ea8fae45b
Cr-Commit-Position: refs/heads/master@{#395181}

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages