commit | b3f7312686bb67dc18a8f1edc3753f5857a18d58 | |
---|---|---|
author | Adrian Taylor <[email protected]> | Thu Apr 30 00:56:14 2020 |
committer | Commit Bot <[email protected]> | Thu Apr 30 00:56:14 2020 |
tree | 3faef9a477c7f91a2812367b8f65a6059c6bcc9b | |
parent | 55cbfe54e36f92f2e6849e714b6075b5050d930b | |

Add FAQ note about null pointer dereferences.

This Q has indeed been frequently asked. This copies the existing wording from:
https://www.chromium.org/Home/chromium-security/reporting-security-bugs
but adding a note that offsets must be small as well as fixed. It also explains why we consider these non-exploitable as befits a FAQ.

Change-Id: Ie7c1cdda341e0f82df8c88dd4994bd3f2113f345
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2173645
Reviewed-by: Chris Palmer <[email protected]>
Reviewed-by: Daniel Cheng <[email protected]>
Commit-Queue: Adrian Taylor <[email protected]>
Cr-Commit-Position: refs/heads/master@{#764080}

diff --git a/docs/security/severity-guidelines.md b/docs/security/severity-guidelines.md index 7e0d6fb..058133a8 100644 --- a/docs/security/severity-guidelines.md +++ b/docs/security/severity-guidelines.md
@@ -152,5 +152,9 @@ * An uncontrolled single-byte out-of-bounds read ([128163](https://crbug.com/128163)). + +## Not a security bug {#TOC-Not-a-security-bug} + The [security FAQ](faq.md) covers many of the cases that we do not consider to -be security bugs, such as [denial of service](faq.md#TOC-Are-denial-of-service-issues-considered-security-bugs-). +be security bugs, such as [denial of service](faq.md#TOC-Are-denial-of-service-issues-considered-security-bugs-) +and, in particular, null pointer dereferences with consistent fixed offsets.
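
Review bot: the added clause "null pointer dereferences with consistent fixed offsets" at the end of this hunk leaves out the "small" condition that the commit message says is the point of the new wording, so a reader triaging from severity-guidelines.md alone could treat a fixed but large offset as a non-security bug. Suggest "with consistent, small, fixed offsets" to match. The clause is also the only item in the sentence without a link: the denial-of-service case points at its faq.md anchor, so the null pointer case should link to the corresponding FAQ entry the same way, which keeps the reasoning in one place and stops the two documents drifting apart.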