Heap-buffer-overflow in CPDF_StreamParser::ParseNextElement
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5210474279075840
Fuzzer: lszekeres_pdf_small
Job Type: linux_ubsan_chrome
Platform Id: linux
Crash Type: Heap-buffer-overflow
Crash Address:
Crash State:
  CPDF_StreamParser::ParseNextElement
  CPDF_StreamContentParser::Parse
  CPDF_ContentParser::Continue
Recommended Security Severity: Medium
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=393869:393907
Minimized Testcase (14777.84 Kb): https://cluster-fuzz.appspot.com/download/AMIfv972EMujJtUFG_Gqe5b9qLWceAO6Q4QlY9IXjIPshoZC4zoE4nJsGWxOJGRDtWcRRnsGF-Xpt6cpy1qwupvLMni9gsphBXdfwx4xya5-MWWZ8v325GBbCSmuWcEAcydnmtDnWQsaxC2J_xz3Y5FFBiyO0yYBhePIX302jt5Tk7AQe5v_FfU
Filer: ivancic

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jun 7 2016
Jun 10 2016
ClusterFuzz has detected this issue as fixed in range 399086:399117.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5210474279075840
Fuzzer: lszekeres_pdf_small
Job Type: linux_ubsan_chrome
Platform Id: linux
Crash Type: Heap-buffer-overflow
Crash Address:
Crash State:
  CPDF_StreamParser::ParseNextElement
  CPDF_StreamContentParser::Parse
  CPDF_ContentParser::Continue
Recommended Security Severity: Medium
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=393869:393907
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=399086:399117
Minimized Testcase (14777.84 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94ymwI6c4u8uzymxv-8gnQsOjdae0ux67a4tXcBoRZJ7CaElkXw9AhjPhYQTlxrett1WfsY7AVSt0X4UQUOuM_2jTtURrMNjFD2OkOcT6wDjO1CgQqB7xYlrrbbJR8iAGIp6R27kBfhmmedaOl00tV1lmHO8CULknFpYMp8a-y79ZNwh_I

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jun 13 2016
Jun 14 2016
ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Jun 14 2016
Jun 14 2016
Sorry for the incorrect ClusterFuzz update, please ignore it. Reopening bug.
Jun 16 2016
Jun 16 2016
Any update on this bug, as it is marked as an M52 stable blocker?
Jun 16 2016
A friendly reminder that M52 Stable is launching soon! Your bug is labelled as Stable ReleaseBlock, so please make sure to land the fix and get it merged into the release branch by July 12. All changes MUST be merged into the release branch by 5pm on July 15 to make it into the desktop Stable final build cut. Thank you!
Jun 20 2016
XFA has been disabled on beta, this should no longer block stable.
Jul 19 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6224178437160960
Fuzzer: tokenfuzz_pdf_march16
Job Type: linux_ubsan_chrome
Platform Id: linux
Crash Type: Heap-buffer-overflow
Crash Address:
Crash State:
  CPDF_StreamParser::ParseNextElement
  CPDF_StreamContentParser::Parse
  CPDF_ContentParser::Continue
Recommended Security Severity: Low
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=370022:370027
Minimized Testcase (24.81 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96rA8jeTWruC1466KB0ZQcseZIHshJ8_8CAPxwtVRwZmHJN9AXJoQKGTR1-L5pqTAlXgL3qdUXtrP8KC6r4rY0Kg6doN-5aTkBvHQ3HldUGv5j024tIMrb3_o_7Yfsd2GRqYL2iFoya0vok39OQldi_tsoFKXfrEwMhWBftJm3v-2pQXc4?testcase_id=6224178437160960
Additional requirements: Requires Gestures
Filer: mmoroz

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Aug 3 2016
ClusterFuzz has detected this issue as fixed in range 407167:409418.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6224178437160960
Fuzzer: tokenfuzz_pdf_march16
Job Type: linux_ubsan_chrome
Platform Id: linux
Crash Type: Heap-buffer-overflow
Crash Address:
Crash State:
  CPDF_StreamParser::ParseNextElement
  CPDF_StreamContentParser::Parse
  CPDF_ContentParser::Continue
Recommended Security Severity: Low
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=370022:370027
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=407167:409418
Minimized Testcase (24.81 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96rA8jeTWruC1466KB0ZQcseZIHshJ8_8CAPxwtVRwZmHJN9AXJoQKGTR1-L5pqTAlXgL3qdUXtrP8KC6r4rY0Kg6doN-5aTkBvHQ3HldUGv5j024tIMrb3_o_7Yfsd2GRqYL2iFoya0vok39OQldi_tsoFKXfrEwMhWBftJm3v-2pQXc4?testcase_id=6224178437160960
Additional requirements: Requires Gestures

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Aug 3 2016
Not fixed. r633764 broke the PDF viewer's ability to load PDFs off disk.
Aug 3 2016
Err, meant to say r408654 / bug 633764.
Oct 11 2016
Oct 2 2017
Oct 26 2017
Confirmed that this no longer reproduces.
Feb 3 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by f...@chromium.org, Jun 6 2016
Components: Internals>Plugins>PDF
Labels: M-52 Pri-1
Owner: hong_zh...@foxitsoftware.com
Status: Assigned (was: Available)