Crash in std::__1::__tree_const_iterator<std::__1::__value_type<CFX_ByteString, CPDF_Obje
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5460658025398272

Fuzzer: attekett_surku_fuzzer
Job Type: linux_asan_chrome_media
Platform Id: linux

Crash Type: UNKNOWN
Crash Address: 0x000000000018
Crash State:
  std::__1::__tree_const_iterator<std::__1::__value_type<CFX_ByteString, CPDF_Obje
  CPDF_Dictionary::GetDictBy
  CPDF_BookmarkTree::GetFirstChild

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_media&range=372410:372488

Minimized Testcase (3.26 Kb): https://cluster-fuzz.appspot.com/download/AMIfv947PqzoNR-ahTIX4S3yPL8oPQ5oINi4Brw_9Qlc6MTDfOHxCvbR1uDRqYUrqxqh-85lbU9oIliQSulprg5e0ykbk0N4ekLucyu_rF5ldQKmyvbj1hd0lqZfh4mkJpGx1tBnWDAnmit8RI6aIdruG80VT84tJA

Filer: pbommana

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Mar 17 2016
May 16 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6065319696662528

Fuzzer: tokenfuzz_pdf_april16
Job Type: linux_asan_chrome_mp
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000018
Crash State:
  std::__1::__tree_const_iterator<std::__1::__value_type<CFX_ByteString, CPDF_Obje
  CPDF_Dictionary::GetDictBy
  CPDF_BookmarkTree::GetFirstChild

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=144946:145047

Minimized Testcase (238.70 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94KgWGuef4bG5_rcaR_ZY72KCzkCxMX_ah42MGGT-B4HGGzqasiKxSFwvr3HfX861WHehK0c0qMeL153EhXdDkcYF_UvY8x3tZtmophfaRiaEcUMBSbcR3s7KHf39SukGCjOZlrFUTro3JvSE1ayQaCnor3PbOEFbeL5cZqn2JvITzHFFY

Filer: ranjitkan

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
May 16 2016
May 18 2016
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/3619af20db45e309e443d5e035e3a95e01200779

commit 3619af20db45e309e443d5e035e3a95e01200779
Author: thestig <thestig@chromium.org>
Date: Wed May 18 00:31:06 2016

Roll PDFium 06f4572..8bdb290

https://pdfium.googlesource.com/pdfium.git/+log/06f4572..8bdb290

BUG= 479400 , 590927
TBR=ochang@chromium.org

Review-Url: https://codereview.chromium.org/1981333005
Cr-Commit-Position: refs/heads/master@{#394285}

[modify] https://crrev.com/3619af20db45e309e443d5e035e3a95e01200779/DEPS
May 18 2016
May 19 2016
ClusterFuzz has detected this issue as fixed in range 394251:394739.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6065319696662528

Fuzzer: tokenfuzz_pdf_april16
Job Type: linux_asan_chrome_mp
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x000000000018
Crash State:
  std::__1::__tree_const_iterator<std::__1::__value_type<CFX_ByteString, CPDF_Obje
  CPDF_Dictionary::GetDictBy
  CPDF_BookmarkTree::GetFirstChild

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=144946:145047
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=394251:394739

Minimized Testcase (238.70 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94KgWGuef4bG5_rcaR_ZY72KCzkCxMX_ah42MGGT-B4HGGzqasiKxSFwvr3HfX861WHehK0c0qMeL153EhXdDkcYF_UvY8x3tZtmophfaRiaEcUMBSbcR3s7KHf39SukGCjOZlrFUTro3JvSE1ayQaCnor3PbOEFbeL5cZqn2JvITzHFFY

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by pbomm...@chromium.org, Mar 1 2016