Status: Fixed
Owner:
Last visit > 30 days ago
Closed: Jul 2014
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 1
Type: Bug-Security
wip
Use-of-uninitialized-value in T1_Load_Glyph
Project Member Reported by clusterf...@chromium.org, Jun 23 2014
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6194879090655232

Uploader: mjurczyk@google.com
Job Type: Linux_msan_pdfium

Crash Type: Use-of-uninitialized-value
Crash Address: 
Crash State:
  - crash stack -
  T1_Load_Glyph
  FPDFAPI_FT_Load_Glyph
  CPDF_SimpleFont::LoadCharMetrics
  

Minimized Testcase (804.05 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95C5jMSGz0JpDkDEg1SZavxo8xb46hUaP_LKnkDZceqr2r9NzNPWBIFZXxrXbRMlxDNjAjNokf2kG1geN4kl9ivSaw3xrE8Hhb9RFqr7L7-sn1yFukVHpnpe8X7g1W6C7JYNPS3oLqfDfJPafq6lw6dGSKlG0Qnsd4t1iILOyEA5S45hok
 
Cc: jun_f...@foxitsoftware.com
Labels: Security_Impact-Stable Security_Impact-Beta
Owner: bo...@foxitsoftware.com
Status: Assigned
Labels: Cr-Internals-Plugins-PDF
Labels: M-37
Project Member Comment 4 by clusterf...@chromium.org, Jun 23 2014
Labels: Pri-1
Owner: jun_f...@foxitsoftware.com
I'll handle this one.
Project Member Comment 6 by clusterf...@chromium.org, Jul 1 2014
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6194879090655232

Uploader: mjurczyk@google.com
Job Type: Linux_msan_pdfium

Crash Type: Use-of-uninitialized-value
Crash Address: 
Crash State:
  - crash stack -
  T1_Load_Glyph
  FPDFAPI_FT_Load_Glyph
  CPDF_SimpleFont::LoadCharMetrics
  

Minimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95jJh4g15kTvupwZqwqtLosgHRZdtbOPgAqPhKa0--5wDy5HjmLtTJx6yyfQwAyIr3ogeMN0QY7XU7rmIVUrya9xWBMtz3tHfNvg-wukiwCSxT4Hw5_14WLJVWMPM4Sutp0Q3eZf4AVp08h3G0jDWdtoJKUFdU3LzbufZo5EGKUxGQS-x8


Labels: WIP
PDF security bugs are WIP. Stop the nags for now.
Status: Fixed
Project Member Comment 10 by clusterf...@chromium.org, Jul 8 2014
Labels: -Restrict-View-SecurityTeam Merge-Triage M-36 Restrict-View-SecurityNotify
Adding Merge-Triage label for tracking purposes.

Once your fix has had sufficient bake time (on canary, dev as appropriate), please nominate your fix for merge by adding the Merge-Requested label.

When your merge is approved by the release manager, please start merging with higher milestone label first. Make sure to re-request merge for every milestone in the label list. You can get branch information on omahaproxy.appspot.com.

- Your friendly ClusterFuzz
Project Member Comment 11 by clusterf...@chromium.org, Jul 9 2014
ClusterFuzz has detected this issue as fixed in range 281766:281997.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6194879090655232

Uploader: mjurczyk@google.com
Job Type: Linux_msan_pdfium

Crash Type: Use-of-uninitialized-value
Crash Address: 
Crash State:
  - crash stack -
  T1_Load_Glyph
  FPDFAPI_FT_Load_Glyph
  CPDF_SimpleFont::LoadCharMetrics
  
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_msan_pdfium&range=281766:281997

Minimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95jJh4g15kTvupwZqwqtLosgHRZdtbOPgAqPhKa0--5wDy5HjmLtTJx6yyfQwAyIr3ogeMN0QY7XU7rmIVUrya9xWBMtz3tHfNvg-wukiwCSxT4Hw5_14WLJVWMPM4Sutp0Q3eZf4AVp08h3G0jDWdtoJKUFdU3LzbufZo5EGKUxGQS-x8

If you suspect that the result above is incorrect, try re-doing that job on the testcase report page.

Project Member Comment 12 by clusterf...@chromium.org, Jul 9 2014
ClusterFuzz has detected this issue as fixed in range 281766:281997.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6194879090655232

Uploader: mjurczyk@google.com
Job Type: Linux_msan_pdfium

Crash Type: Use-of-uninitialized-value
Crash Address: 
Crash State:
  - crash stack -
  T1_Load_Glyph
  FPDFAPI_FT_Load_Glyph
  CPDF_SimpleFont::LoadCharMetrics
  
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_msan_pdfium&range=281766:281997

Minimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95jJh4g15kTvupwZqwqtLosgHRZdtbOPgAqPhKa0--5wDy5HjmLtTJx6yyfQwAyIr3ogeMN0QY7XU7rmIVUrya9xWBMtz3tHfNvg-wukiwCSxT4Hw5_14WLJVWMPM4Sutp0Q3eZf4AVp08h3G0jDWdtoJKUFdU3LzbufZo5EGKUxGQS-x8

If you suspect that the result above is incorrect, try re-doing that job on the testcase report page.

Labels: -Merge-Triage Merge-NA Release-0-M38
All MSAN pdf bugs will not be merged back to M36, M37. We will just let them roll into M38 trunk.
Project Member Comment 14 by clusterf...@chromium.org, Oct 14 2014
Labels: -Restrict-View-SecurityNotify
Bulk update: removing view restriction from closed bugs.
Project Member Comment 15 by clusterf...@chromium.org, Feb 2 2016
Labels: -Security_Impact-Beta
Project Member Comment 16 by sheriffbot@chromium.org, Oct 1 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member Comment 17 by sheriffbot@chromium.org, Oct 2 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Labels: allpublic