Integer-overflow in FX_atonum |
|||||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=5736850173460480 Uploader: ochang@google.com Job Type: linux_ubsan_pdfium Platform Id: linux Crash Type: Integer-overflow Crash Address: Crash State: FX_atonum CPDF_SyntaxParser::GetObject CPDF_SyntaxParser::GetObject Minimized Testcase (4.78 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95jloQKU7YuDtAonyFilpWEsr3X5VGqlFRywWizyStaYUKzf5Hgy26ahOYy_wMPdQB_Ppv5BuYfr0YhR-V9FEFZBlCcJIm7LnMiAKDZS24kqN2sNjwChxVvv05T_Ce8FyMQ2hs_s6xmGFRDCWiZNOU161xAQg Filer: ochang See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Apr 15 2016
,
May 19 2016
Issue 603546 has been merged into this issue.
,
May 19 2016
There's a TODO(dsinclair) in FX_atonum().
,
May 19 2016
,
May 19 2016
The following revision refers to this bug: https://pdfium.googlesource.com/pdfium.git/+/bc8a64029f898286c3dcad3a6cecdc98ef30b139 commit bc8a64029f898286c3dcad3a6cecdc98ef30b139 Author: dsinclair <dsinclair@chromium.org> Date: Thu May 19 18:37:10 2016 Correctly check for overflow in FX_atonum. Instead of the existing method, use the CheckedNumeric class to check for overflow during conversion. BUG= chromium:596526 Review-Url: https://codereview.chromium.org/1992023003 [modify] https://crrev.com/bc8a64029f898286c3dcad3a6cecdc98ef30b139/core/fxcrt/fx_basic_util.cpp
,
May 20 2016
,
Jun 8 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5736850173460480 Uploader: ochang@google.com Job Type: linux_ubsan_pdfium Platform Id: linux Crash Type: Integer-overflow Crash Address: Crash State: FX_atonum CPDF_SyntaxParser::GetObject CPDF_SyntaxParser::GetObject Minimized Testcase (4.78 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95LeuXQBt2rtFFFvUNNVJvTg38pN1ZvP1xKu_4hvoJx5ybkOpgi48LPsPqiyDH011qJXiTf0J4xrfVaA_w5KfgYWgt7Y14anBTTf6Bcj9rcEUPJV_qfL6__A7utw_Te4DmVnUT-5Wz4KrRG513jk84vRz--9A See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Jun 9 2016
ClusterFuzz has detected this issue as fixed in range 394980:395008. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5736850173460480 Uploader: ochang@google.com Job Type: linux_ubsan_pdfium Platform Id: linux Crash Type: Integer-overflow Crash Address: Crash State: FX_atonum CPDF_SyntaxParser::GetObject CPDF_SyntaxParser::GetObject Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_pdfium&range=370022:370027 Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_pdfium&range=394980:395008 Minimized Testcase (4.78 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95LeuXQBt2rtFFFvUNNVJvTg38pN1ZvP1xKu_4hvoJx5ybkOpgi48LPsPqiyDH011qJXiTf0J4xrfVaA_w5KfgYWgt7Y14anBTTf6Bcj9rcEUPJV_qfL6__A7utw_Te4DmVnUT-5Wz4KrRG513jk84vRz--9A See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||
►
Sign in to add a comment |
|||||||
Comment 1 by och...@chromium.org
, Mar 21 2016Components: Internals>Plugins>PDF