Undefined-shift in CFX_BitStream::GetBits
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6463225516523520

Fuzzer: tokenfuzz_pdf_march16
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Undefined-shift
Crash Address:
Crash State:
  CFX_BitStream::GetBits
  CPDF_MeshStream::GetFlag
  CPDF_StreamContentParser::Handle_ShadeFill

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=370003:370058

Minimized Testcase (30.41 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94JnoSeaIMtdYs7GgJYHNtLTAVTN0qAzV0o3kwlh6sd81z5ses2ODyhfTbr-YTBVNMDD9n3iQ6XTZJ6rm8yiBO0HjuOF94c9olHoJ3pT0BbKp9KoU2AoGLlwOpA5NQC92qUXj-jGNoHD9uOR74dijbbgQZyuvg8MV_Koyt8RXaTd8p1e18

Filer: ivancic

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
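The crash state above is the shift inside CFX_BitStream::GetBits, reached from CPDF_MeshStream::GetFlag while handling a shading fill. As an added example, which is not code from this report or from PDFium, the block below is a minimal MSB-first bit reader of the same shape whose GetBits() checks the requested width before any shift. The class SafeBitStream, its GetBits and ReadFlag methods, the CheckExample helper and the byte sample are all constructed for illustration; the only facts assumed are that shifting a 32-bit value by 32 or more bits (or by a negative count) is undefined behaviour in C++, which is the class of defect UBSan reports as "undefined-shift", and that the PDF specification restricts a mesh shading's BitsPerFlag entry to 2, 4 or 8.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Added example, not PDFium's CFX_BitStream: a minimal MSB-first bit reader
// whose GetBits() rejects shift widths that would be undefined behaviour.
//
// In C++ (as in C), shifting a 32-bit value by 32 or more bits, or by a
// negative count, is undefined behaviour, so expressions of the form
// `(1u << nbits) - 1` or `result << nbits` are only defined for a bounded
// nbits. When nbits comes from the document (here a BitsPerFlag-style entry)
// it must be validated before it reaches the shift.
class SafeBitStream {
 public:
  SafeBitStream(const uint8_t* data, size_t size)
      : data_(data), bit_size_(size * 8), bit_pos_(0) {}

  // Reads nbits (1..32) MSB-first into *out. Returns false, leaving *out
  // untouched, on an invalid width or when the read would overrun the buffer.
  bool GetBits(uint32_t nbits, uint32_t* out) {
    if (nbits == 0 || nbits > 32)      // shift-width guard: result fits 32 bits
      return false;
    if (nbits > bit_size_ - bit_pos_)  // bounds guard: never read past the end
      return false;

    uint64_t acc = 0;  // 64-bit accumulator: acc << 8 below cannot overflow
    uint32_t done = 0;
    while (done < nbits) {
      size_t byte = bit_pos_ >> 3;
      size_t used = bit_pos_ & 7;   // bits of this byte already consumed
      size_t avail = 8 - used;      // 1..8, so every shift below is < 8
      size_t take = std::min(avail, static_cast<size_t>(nbits - done));
      uint32_t chunk = (data_[byte] >> (avail - take)) & ((1u << take) - 1);
      acc = (acc << take) | chunk;
      done += static_cast<uint32_t>(take);
      bit_pos_ += take;
    }
    *out = static_cast<uint32_t>(acc);
    return true;
  }

  // Shape of a mesh-stream flag read: the width is the file's BitsPerFlag
  // value, which the PDF specification restricts to 2, 4 or 8. Anything else
  // is rejected here instead of being handed to the shift in GetBits().
  bool ReadFlag(uint32_t bits_per_flag, uint32_t* flag) {
    if (bits_per_flag != 2 && bits_per_flag != 4 && bits_per_flag != 8)
      return false;
    return GetBits(bits_per_flag, flag);
  }

 private:
  const uint8_t* data_;
  size_t bit_size_;
  size_t bit_pos_;
};

// Constructed sample input (not taken from the bug's minimized test case):
// 0xA5 = 1010 0101, 0x3C = 0011 1100, four bytes read as one 32-bit value,
// then two trailing bytes.
static const uint8_t kSample[] = {0xA5, 0x3C, 0xFF, 0x00, 0x12, 0x34, 0x56, 0x78};

// Walks the sample stream; returns 0 on success, otherwise the number of the
// first failed check, so the outcome can be asserted on rather than printed.
int CheckExample() {
  SafeBitStream bs(kSample, sizeof(kSample));
  uint32_t v = 0;
  if (!bs.GetBits(3, &v) || v != 5) return 1;             // 101
  if (!bs.GetBits(5, &v) || v != 5) return 2;             // 00101
  if (!bs.ReadFlag(4, &v) || v != 3) return 3;            // 0011
  if (!bs.ReadFlag(4, &v) || v != 12) return 4;           // 1100
  if (!bs.GetBits(32, &v) || v != 0xFF001234u) return 5;  // full-width read is defined
  if (bs.GetBits(0, &v)) return 6;                        // width 0 rejected
  if (bs.GetBits(33, &v)) return 7;                       // width > 32 rejected
  if (bs.ReadFlag(16, &v)) return 8;                      // BitsPerFlag not in {2,4,8}
  if (!bs.GetBits(16, &v) || v != 0x5678u) return 9;      // 0x56 0x78
  if (bs.GetBits(1, &v)) return 10;                       // stream exhausted
  return 0;
}

int main() {
  int rc = CheckExample();
  if (rc == 0)
    std::printf("all checks passed\n");
  else
    std::printf("check %d failed\n", rc);
  return rc;
}
```

The two guards in GetBits() address different things: the width guard is the one relevant to an undefined-shift report, since it keeps every shift count in range regardless of what the file says, while the bounds guard is an ordinary memory-safety check. Both sit before any arithmetic because the width is document-controlled input. Building with -fsanitize=undefined, as the linux_ubsan_chrome job in the report does, is the way to confirm that no shift in a reader like this is ever executed with an out-of-range count.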
Jun 1 2016
https://codereview.chromium.org/2020183004/
Jun 2 2016
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/0191740cd56ba9de20ca1add6964d6b9023fd555

commit 0191740cd56ba9de20ca1add6964d6b9023fd555
Author: ochang <ochang@chromium.org>
Date: Thu Jun 02 05:46:03 2016

Roll PDFium d23df55..c324646

https://pdfium.googlesource.com/pdfium.git/+log/d23df55..c324646

BUG=616248, 427616, 613623, 616246, 613607
TBR=thestig@chromium.org

Review-Url: https://codereview.chromium.org/2034443002
Cr-Commit-Position: refs/heads/master@{#397297}

[modify] https://crrev.com/0191740cd56ba9de20ca1add6964d6b9023fd555/DEPS
Jun 3 2016
ClusterFuzz has detected this issue as fixed in range 397239:397396.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6463225516523520

Fuzzer: tokenfuzz_pdf_march16
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Undefined-shift
Crash Address:
Crash State:
  CFX_BitStream::GetBits
  CPDF_MeshStream::GetFlag
  CPDF_StreamContentParser::Handle_ShadeFill

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=370003:370058
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=397239:397396

Minimized Testcase (30.41 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94JnoSeaIMtdYs7GgJYHNtLTAVTN0qAzV0o3kwlh6sd81z5ses2ODyhfTbr-YTBVNMDD9n3iQ6XTZJ6rm8yiBO0HjuOF94c9olHoJ3pT0BbKp9KoU2AoGLlwOpA5NQC92qUXj-jGNoHD9uOR74dijbbgQZyuvg8MV_Koyt8RXaTd8p1e18

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jun 7 2016
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by thestig@chromium.org, May 31 2016