Status: Fixed
Closed: Jul 2014
OS: All
Pri: 1
Type: Bug-Security
wip
Use-of-uninitialized-value in CFX_MapByteStringToPtr::operator
Project Member Reported by clusterf...@chromium.org, Jun 23 2014
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6654972898836480

Uploader: mjurczyk@google.com
Job Type: Linux_msan_pdfium

Crash Type: Use-of-uninitialized-value
Crash Address: 
Crash State:
  - crash stack -
  CFX_MapByteStringToPtr::operator
  CFX_ByteStringC
  CPDF_DocPageData::GetIccProfile
  

Minimized Testcase (19.79 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95-0_EcPl7p_usxWjKu_K7N82pgayg34BuX6U-8flBZ-XX-vftGH-u6fvuSSuo6TANdGON1-XpkbmVSDTgMwQ7hB0dLhSpfL9c9-paoKze5O2HoHI035XO94lK6u6g-xlF0ZuSAbQ3y_UEL9rRr6fm2Iow2LyHea8CO65McWhNSqK6Otio
 
Cc: jun_f...@foxitsoftware.com
Labels: Security_Impact-Stable Security_Impact-Beta
Owner: bo...@foxitsoftware.com
Status: Assigned
Labels: Cr-Internals-Plugins-PDF
Labels: M-37
Project Member Comment 4 by clusterf...@chromium.org, Jun 23 2014
Labels: Pri-1
Project Member Comment 5 by clusterf...@chromium.org, Jul 1 2014
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6654972898836480

Uploader: mjurczyk@google.com
Job Type: Linux_msan_pdfium

Crash Type: Use-of-uninitialized-value
Crash Address: 
Crash State:
  - crash stack -
  CFX_MapByteStringToPtr::operator
  CPDF_DocPageData::GetIccProfile
  CPDF_Document::LoadIccProfile
  

Minimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95720ptYIOuI9evYb6h9ATh4qlyv2OcX6ahEpiBvuHe1NQv-zRhBhpTChmK8gaaeeZpoTr7yRFkz5AMKfSKeghDdmPMGV-b9JOZ9uoKn0pHfSCn5JqtgKRFUYvBdlMomGXYPyQc-EPrEOTq3XhU5O4ECtXvkHsg4Q37VlPiLxkHGR5CkSA


Project Member Comment 6 by clusterf...@chromium.org, Jul 2 2014
Labels: Nag
bo_xu@: Uh oh! This issue is still open and hasn't been updated in the last 7 days. Since this is a serious security vulnerability, we want to make sure progress is happening. Can you update the bug with current status, and what, if anything, is blocking?

If you are not the right Owner for this bug, please find someone else to own it as soon as possible and remove yourself as Owner.

If the issue is already fixed or you are unable to reproduce it, please close the bug. (And thanks for fixing the bug!)

These nags can be disabled by adding a 'WIP' label and an optional codereview link.

- Your friendly ClusterFuzz
Labels: -Nag WIP
PDF security bugs are WIP. Stop the nags for now.
Owner: jun_f...@foxitsoftware.com
I'll handle this one.
Project Member Comment 9 by clusterf...@chromium.org, Jul 9 2014
ClusterFuzz has detected this issue as fixed in range 281766:281997.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6654972898836480

Uploader: mjurczyk@google.com
Job Type: Linux_msan_pdfium

Crash Type: Use-of-uninitialized-value
Crash Address: 
Crash State:
  - crash stack -
  CFX_MapByteStringToPtr::operator
  CPDF_DocPageData::GetIccProfile
  CPDF_Document::LoadIccProfile
  
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_msan_pdfium&range=281766:281997

Minimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95720ptYIOuI9evYb6h9ATh4qlyv2OcX6ahEpiBvuHe1NQv-zRhBhpTChmK8gaaeeZpoTr7yRFkz5AMKfSKeghDdmPMGV-b9JOZ9uoKn0pHfSCn5JqtgKRFUYvBdlMomGXYPyQc-EPrEOTq3XhU5O4ECtXvkHsg4Q37VlPiLxkHGR5CkSA

If you suspect that the result above is incorrect, try re-doing that job on the testcase report page.

Status: Fixed
Project Member Comment 11 by clusterf...@chromium.org, Jul 9 2014
Labels: -Restrict-View-SecurityTeam Merge-Triage M-36 Restrict-View-SecurityNotify
Adding Merge-Triage label for tracking purposes.

Once your fix has had sufficient bake time (on canary, dev as appropriate), please nominate your fix for merge by adding the Merge-Requested label.

When your merge is approved by the release manager, please start merging with higher milestone label first. Make sure to re-request merge for every milestone in the label list. You can get branch information on omahaproxy.appspot.com.

- Your friendly ClusterFuzz
Labels: -Merge-Triage Merge-NA Release-0-M38
All MSAN pdf bugs will not be merged back to M36, M37. We will just let them roll into M38 trunk.
Project Member Comment 13 by clusterf...@chromium.org, Oct 15 2014
Labels: -Restrict-View-SecurityNotify
Bulk update: removing view restriction from closed bugs.
Project Member Comment 14 by clusterf...@chromium.org, Feb 2 2016
Labels: -Security_Impact-Beta
Project Member Comment 15 by sheriffbot@chromium.org, Oct 1 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member Comment 16 by sheriffbot@chromium.org, Oct 2 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Labels: allpublic