Integer-overflow in CStretchEngine::CStretchEngine
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4897212719169536
Fuzzer: tokenfuzz_pdf_march16
Job Type: linux_ubsan_chrome
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  CStretchEngine::CStretchEngine
  CFX_ImageStretcher::StartStretch
  CFX_ImageStretcher::Start
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=370022:370027
Minimized Testcase (1246.67 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95G1bVtaxFeRWR0KTfa5EUNpCnSHmKPLkfM-PVHANf-vLkHkdX3uaxse5Ub0xsoajItncBUIMl2uxcKI9Swq-_BQkGx-A4SmXJwOdu9PbFEed43O7H4wbbCh04PO-lQmRRE3boxvyZSJho55S5lzVQRp0Hi7NcVAa4xK41qpxu_YQL53qw
Filer: ivancic

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Jun 13 2016
Looks like find-it is wrong. The blamed CL just moves code around. Can we please re-run find-it?
Jul 6 2016
Moving this nonessential bug to the next milestone. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Jul 15 2016
Author: thestig
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/9febfe6373f26d9e59eb1e137b88a2aeff5dc39a
Time: Wed May 11 18:31:20 2016 -0700

The CL last changed line 855 of file fx_dib_engine.cpp, which is stack frame 1. @thestig: CC'ing you, request you to please take a look into it. Please help us to find an owner if not with respect to your change. Thanks!
Jul 15 2016
ochang: Got time to take a look?
Aug 3 2016
ClusterFuzz has detected this issue as fixed in range 407167:409418.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4897212719169536
Fuzzer: tokenfuzz_pdf_march16
Job Type: linux_ubsan_chrome
Platform Id: linux
Crash Type: Integer-overflow
Crash Address:
Crash State:
  CStretchEngine::CStretchEngine
  CFX_ImageStretcher::StartStretch
  CFX_ImageStretcher::Start
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=370022:370027
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=407167:409418
Minimized Testcase (1246.67 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95G1bVtaxFeRWR0KTfa5EUNpCnSHmKPLkfM-PVHANf-vLkHkdX3uaxse5Ub0xsoajItncBUIMl2uxcKI9Swq-_BQkGx-A4SmXJwOdu9PbFEed43O7H4wbbCh04PO-lQmRRE3boxvyZSJho55S5lzVQRp0Hi7NcVAa4xK41qpxu_YQL53qw?testcase_id=4897212719169536

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Aug 3 2016
Not fixed. r633764 broke the PDF viewer's ability to load PDFs off disk.
Aug 3 2016
Err, meant to say r408654 / bug 633764.
Aug 3 2016
ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Sep 18 2017
We have made a bunch of changes on ClusterFuzz side, so resetting ClusterFuzz-Wrong label.
Comment 1 by ranjitkan@chromium.org, Jun 10 2016
Components: Tools>Test>FindIt>CorrectResult
Labels: -Pri-1 -Type-Bug findit-for-crash Te-Logged M-53 Pri-2 Type-Bug-Regression
Owner: dsinclair@chromium.org
Status: Assigned (was: Available)