Issue metadata

Status: Fixed
Owner:
Closed: Jul 2014
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 1
Type: Bug-Security
wip




Use-of-uninitialized-value in CPDF_RenderStatus::GetStrokeArgb

Project Member Reported by ClusterFuzz, Jun 20 2014

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6539688259092480

Fuzzer: Ifratric_pdf_generic
Job Type: Linux_msan_pdfium

Crash Type: Use-of-uninitialized-value
Crash Address: 
Crash State:
  - crash stack -
  CPDF_RenderStatus::GetStrokeArgb
  CPDF_RenderStatus::ProcessPath
  CPDF_RenderStatus::ProcessObjectNoClip
  

Minimized Testcase (1612.49 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94kwOWplLKnFjmzRi6ouARMYkFnvzvtRZbDVJbcHNtDnaztrgyYZb2aUU-he3hksRDnNrJChHxF6e-qkOlQezOUqrQoz65GqCOsUGgodBg_4owXBr5nkjJxM5cSYSZ-rdSMJ9z6foULwAIfAwIfKxZeW4XrkSLqGg3K8L0sMmivRQk59AI
Cc: jun_f...@foxitsoftware.com
Owner: bo...@foxitsoftware.com
Status: Assigned
Cc: earthdok@chromium.org
Comment 3 by ClusterFuzz (Project Member), Jun 20 2014

Labels: Pri-1
Cc: ifratric@google.com
Comment 5 by ClusterFuzz (Project Member), Jun 23 2014

Labels: Missing_Impact-1
Labels: M-37 Security_Impact-Stable Security_Impact-Beta
Comment 7 by ClusterFuzz (Project Member), Jun 28 2014

Labels: Nag
bo_xu@: Uh oh! This issue is still open and hasn't been updated in the last 7 days. Since this is a serious security vulnerability, we want to make sure progress is happening. Can you update the bug with current status, and what, if anything, is blocking?

If you are not the right Owner for this bug, please find someone else to own it as soon as possible and remove yourself as Owner.

If the issue is already fixed or you are unable to reproduce it, please close the bug. (And thanks for fixing the bug!)

These nags can be disabled by adding a 'WIP' label and an optional codereview link.

- Your friendly ClusterFuzz
Labels: -Nag WIP
PDF security bugs are WIP. Stop the nags for now.
Comment 9 by ClusterFuzz (Project Member), Jul 9 2014

ClusterFuzz has detected this issue as fixed in range 281766:281997.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6539688259092480

Fuzzer: Ifratric_pdf_generic
Job Type: Linux_msan_pdfium

Crash Type: Use-of-uninitialized-value
Crash Address: 
Crash State:
  - crash stack -
  CPDF_RenderStatus::GetStrokeArgb
  CPDF_RenderStatus::ProcessPath
  CPDF_RenderStatus::ProcessObjectNoClip
  
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_msan_pdfium&range=281766:281997

Minimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94kwOWplLKnFjmzRi6ouARMYkFnvzvtRZbDVJbcHNtDnaztrgyYZb2aUU-he3hksRDnNrJChHxF6e-qkOlQezOUqrQoz65GqCOsUGgodBg_4owXBr5nkjJxM5cSYSZ-rdSMJ9z6foULwAIfAwIfKxZeW4XrkSLqGg3K8L0sMmivRQk59AI

If you suspect that the result above is incorrect, try re-doing that job on the testcase report page.

Status: Fixed
Bulk marking as Fixed based on comment "fixed in range 281766:281997"
Comment 11 by ClusterFuzz (Project Member), Jul 9 2014

Labels: -Restrict-View-SecurityTeam Merge-Triage M-36 Restrict-View-SecurityNotify
Adding Merge-Triage label for tracking purposes.

Once your fix has had sufficient bake time (on canary or dev, as appropriate), please nominate your fix for merge by adding the Merge-Requested label.

When your merge is approved by the release manager, please start merging with higher milestone label first. Make sure to re-request merge for every milestone in the label list. You can get branch information on omahaproxy.appspot.com.

- Your friendly ClusterFuzz
Labels: -Merge-Triage Merge-NA Release-0-M38
All MSAN pdf bugs will not be merged back to M36, M37. We will just let them roll into M38 trunk.
Comment 13 by ClusterFuzz (Project Member), Oct 15 2014

Labels: -Restrict-View-SecurityNotify
Bulk update: removing view restriction from closed bugs.
Comment 14 by ClusterFuzz (Project Member), Feb 2 2016

Labels: -Security_Impact-Beta
Comment 15 by sheriffbot@chromium.org (Project Member), Oct 1 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 16 by sheriffbot@chromium.org (Project Member), Oct 2 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Labels: allpublic