Issue 603546 link

Starred by 0 users

Issue metadata

Status:	Duplicate
Merged:	issue 596526
Owner:	----
Closed:	May 2016
Cc:	kcc@chromium.org mmoroz@google.com tsepez@chromium.org och...@chromium.org █ aizatsky@chromium.org
Components:	Internals>Plugins>PDF
EstimatedDays:	----
NextAction:	----
OS:	Linux
Pri:	1
Type:	Bug
Stability-Crash Reproducible Stability-Libfuzzer Clusterfuzz Stability-UndefinedBehaviorSanitizer

Integer-overflow in FX_atonum

Project Member Reported by ClusterFuzz, Apr 14 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4811562165993472

Fuzzer: libfuzzer_pdfium_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  FX_atonum
  CPDF_SyntaxParser::GetObject
  CPDF_SyntaxParser::GetObjectByStrict
  

Minimized Testcase (0.14 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv96Oh2S4WYBcnqo3vKvzMMjirOsfVzvSb7YCmg168EVA2rKt6dey00oXmsYTONxP2Kea3lD4fQpV9ydIavic6H51hK_FrN_F46fYtCNuN4B9LIq0INtb_yMOpz5YaJzWm6vHkHhMI6RzLc43W-DgmPOyH-1Q7Q
%PDF�.4
�%�(
0 /L501'80�PDF-�.4%�(�
0 0 obj 
<<startxte//ABCDEF+CMBX10<<start/OC3 000000000000000000000002186876979 /C0o%PFTD-]
2/%PDF/Difference
1


Filer: mmoroz

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by mmoroz@chromium.org, Apr 14 2016

Cc: och...@chromium.org kcc@chromium.org aizatsky@chromium.org
Components: Internals>Plugins>PDF

Comment 2 by thestig@chromium.org, Apr 15 2016

Cc: tsepez@chromium.org

Related to  bug 596526 ?

Comment 3 by thestig@chromium.org, May 19 2016

Mergedinto: 596526
Status: Duplicate (was: Available)

Project Member

Comment 4 by ClusterFuzz, May 20 2016

ClusterFuzz has detected this issue as fixed in range 394859:395005.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4811562165993472

Fuzzer: libfuzzer_pdfium_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  FX_atonum
  CPDF_SyntaxParser::GetObject
  CPDF_SyntaxParser::GetObjectByStrict
  
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=394859:395005

Minimized Testcase (0.14 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv96Oh2S4WYBcnqo3vKvzMMjirOsfVzvSb7YCmg168EVA2rKt6dey00oXmsYTONxP2Kea3lD4fQpV9ydIavic6H51hK_FrN_F46fYtCNuN4B9LIq0INtb_yMOpz5YaJzWm6vHkHhMI6RzLc43W-DgmPOyH-1Q7Q
%PDF�.4
�%�(
0 /L501'80�PDF-�.4%�(�
0 0 obj 
<<startxte//ABCDEF+CMBX10<<start/OC3 000000000000000000000002186876979 /C0o%PFTD-]
2/%PDF/Difference
1


See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Project Member

Comment 5 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

►

Issue 603546 link

Issue metadata

Integer-overflow in FX_atonum

Issue description

Comment 1 by mmoroz@chromium.org, Apr 14 2016

Comment 1 Deleted

Comment 2 by thestig@chromium.org, Apr 15 2016

Comment 2 Deleted

Comment 3 by thestig@chromium.org, May 19 2016

Comment 3 Deleted

Comment 4 by ClusterFuzz, May 20 2016

Comment 4 Deleted

Comment 5 by sheriffbot@chromium.org, Nov 22 2016

Comment 5 Deleted

Sign in to add a comment