Status: Fixed
Closed: Oct 2014
OS: All
Pri: 1
Type: Bug-Security



Heap-buffer-overflow in opj_stream_read_data
Project Member Reported by ClusterFuzz, Oct 20 2014
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5473960887058432

Uploader: mjurczyk@google.com
Job Type: Linux_asan_pdfium

Crash Type: Heap-buffer-overflow WRITE {*}
Crash Address: 0x61500010d382
Crash State:
  opj_stream_read_data
  opj_j2k_read_tile_header
  opj_j2k_decode_tiles
  

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94xsopd_7CTxKp-q1_1xFe8gw6fUewPXxlHk3TluYXYi329Wls6uXxeczVgTWIYHCZdBicaLfNb2TOZ9BwEEx2CY6y9Xdrpp0e9KKZE4ZKzokhrTHMeXOhuXy1c14RL8cdS0ZBRcB3XjiS0DiySORVT-rw9TZuWsiWySCdd58t7D4Yahrw


Filer: mjurczyk
 
Cc: jun_f...@foxitsoftware.com
Labels: Cr-Internals-Plugins-PDF
Owner: bo...@foxitsoftware.com
Status: Assigned
Project Member Comment 3 by ClusterFuzz, Oct 20 2014
Labels: Pri-1
Cc: mathieu....@gmail.com m.darb...@gmail.com anto...@gmail.com
@m.darbois, also this one :)
@m.darbois, this is fixed after update to openjpeg r2908
Project Member Comment 7 by ClusterFuzz, Oct 22 2014
Labels: -Restrict-View-SecurityTeam Merge-Triage Restrict-View-SecurityNotify
Adding Merge-Triage label for tracking purposes.

Once your fix has had sufficient bake time (on canary, dev as appropriate), please nominate your fix for merge by adding the Merge-Requested label.

When your merge is approved by the release manager, please start merging with higher milestone label first. Make sure to re-request merge for every milestone in the label list. You can get branch information on omahaproxy.appspot.com.

- Your friendly ClusterFuzz
Labels: -Merge-Triage Merge-Requested Security_Impact-Stable M-39
Labels: -Merge-Requested Merge-Approved
Merge approved for M39 branch 2171. Please merge this before Nov 3 if possible; email me if you have any issues.
Labels: Merge-Merged
Cc: amineer@chromium.org
Dev/Bug owner, please merge to M-39 branch 2171 asap. We need all these security fixes to go into the first stable.
Labels: -Merge-Approved Release-0-M39
Project Member Comment 13 by ClusterFuzz, Jan 27 2015
Labels: -Restrict-View-SecurityNotify
Bulk update: removing view restriction from closed bugs.
Project Member Comment 14 by sheriffbot@chromium.org, Oct 1 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member Comment 15 by sheriffbot@chromium.org, Oct 2 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Labels: allpublic