OSV-2022-1119

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/spirv-tools/OSV-2022-1119.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2022-1119

Published

2022-10-31T00:00:28.775967Z

Modified

2023-01-10T07:03:44.497651Z

Summary

Container-overflow in spvtools::opt::blockmergeutil::CanMergeWithSuccessor

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52863

Crash type: Container-overflow READ 8
Crash state:
spvtools::opt::blockmergeutil::CanMergeWithSuccessor
std::__1::__function::__func&lt;spvtools::opt::BlockMergePass::Process
spvtools::opt::IRContext::ProcessCallTreeFromRoots

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52863

Affected packages

OSS-Fuzz / spirv-tools

Package

Name: spirv-tools
Purl: pkg:generic/spirv-tools

Affected ranges

Type: GIT
Repo: https://github.com/KhronosGroup/SPIRV-Tools.git
Events: Introduced

a52de681dd17f8b545ecd9ea2138f72b39bf449a

Fixed

235182cfee2cf03a6f05f7c62b7927584b955850

Affected versions

sdk-1.*

sdk-1.3.236.0

Ecosystem specific

{
    "severity": "MEDIUM"
}