Issue metadata
Sign in to add a comment
|
Heap-buffer-overflow in CXFA_Node::TryUserData |
||||||||||||||||||||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=5632985647022080 Uploader: inferno@chromium.org Job Type: windows_asan_chrome_no_sandbox Platform Id: windows Crash Type: Heap-buffer-overflow READ 4 Crash Address: 0x229d9134 Crash State: CXFA_Node::TryUserData CXFA_LayoutProcessor::GetLayoutItem CScript_LayoutPseudoModel::Script_LayoutPseudoModel_PageImp Recommended Security Severity: Medium Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_asan_chrome_no_sandbox&range=397938:397951 Minimized Testcase (2237.61 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94mGS7gv_70E85-T97RBykfSEv7UKeaQac3Gs4bUMsyQ_c11V3uISiYU93KKOrZj2pc4otDn5MI8wimJDUDyeoeifgtddygy7NaOHLjDrIr3inTDmpSFBzeUmsGImD8L5iNdZT3nmcS3jkR7Zy2Zu2-uR8dowcm260Xovf2FiRJk4XBk4g Filer: ochang See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Jun 6 2016
,
Jun 7 2016
Yes I will
,
Jun 8 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5632985647022080 Uploader: inferno@chromium.org Job Type: windows_asan_chrome_no_sandbox Platform Id: windows Crash Type: Heap-buffer-overflow READ 4 Crash Address: 0x237d8fb4 Crash State: CXFA_Node::TryUserData CXFA_LayoutProcessor::GetLayoutItem CScript_LayoutPseudoModel::Script_LayoutPseudoModel_PageImp Recommended Security Severity: Medium Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_asan_chrome_no_sandbox&range=397938:397951 Minimized Testcase (2237.61 Kb): https://cluster-fuzz.appspot.com/download/AMIfv958m8tGdaFcTnZv0wqgffSgI_4rSH6Di3lrXhcxZHQkzaAO3SEJfZWR0mCMX-184BIAZISrtx0TSKnlPehkAx7LlMyr8FDDBCd4hXlfucfL8qANkgV0VtgUt-9I1xFCZWQJz3mBIxxswQzV5FzWEQBIufaK5Q1aTvCmJszCQ2NjD3aw_p4 See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Jun 8 2016
Issue 617841 has been merged into this issue.
,
Jun 10 2016
ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5632985647022080 Uploader: inferno@chromium.org Job Type: windows_asan_chrome_no_sandbox Platform Id: windows Crash Type: Heap-buffer-overflow READ 4 Crash Address: 0x237d8fb4 Crash State: CXFA_Node::TryUserData CXFA_LayoutProcessor::GetLayoutItem CScript_LayoutPseudoModel::Script_LayoutPseudoModel_PageImp Recommended Security Severity: Medium Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_asan_chrome_no_sandbox&range=397938:397951 Minimized Testcase (2237.61 Kb): https://cluster-fuzz.appspot.com/download/AMIfv958m8tGdaFcTnZv0wqgffSgI_4rSH6Di3lrXhcxZHQkzaAO3SEJfZWR0mCMX-184BIAZISrtx0TSKnlPehkAx7LlMyr8FDDBCd4hXlfucfL8qANkgV0VtgUt-9I1xFCZWQJz3mBIxxswQzV5FzWEQBIufaK5Q1aTvCmJszCQ2NjD3aw_p4 See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Sep 22 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 1 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 2 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 2 2016
|
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by f...@chromium.org
, Jun 6 2016Components: Internals>Plugins>PDF
Labels: M-53 Pri-1
Owner: hong_zh...@foxitsoftware.com
Status: Assigned (was: Available)