Key Vulnerability Information

Vulnerability Description
Type: Use-after-free in WebCore::RenderBlockFlow::checkFloatsInCleanLine
Priority: P1
Severity: S1
Status: Fixed

Report Details
Reporter: cl...@chromium.org
Reported: Mar 24, 2014 11:12AM
Detailed Report: ClusterFuzz Testcase
Fuzzer: Marty_html_twiddler
Job Type: Linux_asan_content_shell_drt

Crash Information
Crash Type: Heap-use-after-free READ 4
Crash Address: 0x6110002801b0
Crash State:
- WebCore::RenderBlockFlow::checkFloatsInCleanLine
- WebCore::RenderBlockFlow::determineEndPosition
- WebCore::Node::detach
- WebCore::ContainerNode::detach

Other Information
Minimized Testcase: Download
Regressed: Revisions

Comments
in...@chromium.org:
> check if chromium codereview fixes this or something similar.

cl...@chromium.org: [Empty comment from Monorail migration]

bj...@adobe.com: (No specific comment available)