Issue metadata
Sign in to add a comment
|
Negative-size-param in XFACodecFuzzer::Reader::ReadBlock |
||||||||||||||||||||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=5428087538057216 Fuzzer: libfuzzer_pdf_codec_tiff_fuzzer Job Type: libfuzzer_chrome_asan Platform Id: linux Crash Type: Negative-size-param Crash Address: Crash State: XFACodecFuzzer::Reader::ReadBlock tiff_read TIFFClientOpen Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=400757:400887 Minimized Testcase (0.00 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv95uEziqRXzB6Wnoy0J3_gv-uEF3Z3V7GRzlmEh6i62JKf-H2Ien_a4xntNDFfpW5pTMGib9BAgyD7WeN22adbXy29oEfNwJsD_27onAk_v58yTswY08vjLtJeXMt3hGwjQq9Tdey-KYBsiTWOxHkGTiNUNq-Q?testcase_id=5428087538057216 PE+ Additional requirements: Requires Gestures Filer: mmoroz See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
,
Jun 21 2016
,
Jun 23 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6224577244168192 Fuzzer: libfuzzer_pdf_codec_tiff_fuzzer Job Type: libfuzzer_chrome_asan Platform Id: linux Crash Type: Negative-size-param Crash Address: Crash State: XFACodecFuzzer::Reader::ReadBlock tiff_read TIFFReadRawStrip1 Minimized Testcase (0.40 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95U3aOA1BB4gCY2cMm9T2auw-X1e8y5wp1A7cSuFJA9UzdIKh9nAIUuGZW3JsNVNdo_3UC4gJo6TTNQa-IF5cEJ4Y-FR_Hji19or3FoGYpTGB4j9DrbvIs53QnGc6-6qTSfPsO3h0w6r2ASwyt_kMFQ85FDGA?testcase_id=6224577244168192 Filer: mmoroz See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
,
Jul 6 2016
ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5428087538057216 Fuzzer: libfuzzer_pdf_codec_tiff_fuzzer Job Type: libfuzzer_chrome_asan Platform Id: linux Crash Type: Negative-size-param Crash Address: Crash State: XFACodecFuzzer::Reader::ReadBlock tiff_read TIFFClientOpen Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=400757:400887 Minimized Testcase (0.00 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv95uEziqRXzB6Wnoy0J3_gv-uEF3Z3V7GRzlmEh6i62JKf-H2Ien_a4xntNDFfpW5pTMGib9BAgyD7WeN22adbXy29oEfNwJsD_27onAk_v58yTswY08vjLtJeXMt3hGwjQq9Tdey-KYBsiTWOxHkGTiNUNq-Q?testcase_id=5428087538057216 PE+ Additional requirements: Requires Gestures See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Jul 6 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4650122592124928 Fuzzer: libfuzzer_pdf_codec_tiff_fuzzer Job Type: libfuzzer_chrome_asan Platform Id: linux Crash Type: Negative-size-param Crash Address: Crash State: XFACodecFuzzer::Reader::ReadBlock tiff_read TIFFClientOpen Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95cFPt9n8oVkfAakaK7g7H6_FmEeDP7Ko9aWHbmAjrLklEuC5wbIqH6tpDh9HYS4UAyVPOk6tANKkavXNuAoO9oP86CM98vnd9s-BQE9XD7j24SwnB8OjvcZaMfU-Om8WOs6AlTSCxjAekgE045qWBsDyFsfQ?testcase_id=4650122592124928 Filer: mmoroz See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
,
Jul 8 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4650122592124928 Fuzzer: libfuzzer_pdf_codec_tiff_fuzzer Job Type: libfuzzer_chrome_asan Platform Id: linux Crash Type: Negative-size-param Crash Address: Crash State: XFACodecFuzzer::Reader::ReadBlock tiff_read TIFFClientOpen Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95cFPt9n8oVkfAakaK7g7H6_FmEeDP7Ko9aWHbmAjrLklEuC5wbIqH6tpDh9HYS4UAyVPOk6tANKkavXNuAoO9oP86CM98vnd9s-BQE9XD7j24SwnB8OjvcZaMfU-Om8WOs6AlTSCxjAekgE045qWBsDyFsfQ?testcase_id=4650122592124928 Filer: mmoroz See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
,
Jul 8 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6004654010007552 Fuzzer: pdf_codec_tiff_fuzzer Job Type: libfuzzer_chrome_asan Platform Id: linux Crash Type: Negative-size-param Crash Address: Crash State: XFACodecFuzzer::Reader::ReadBlock tiff_read OJPEGReadHeaderInfoSecTablesDcTable Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=400757:400887 Minimized Testcase (2.00 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94YCKrjZDDZRdhRNBuL0X0KgpCIoCXt_MJHmx3pJZDKXWV3DiqTURLGx-o7O9g0Vf_SWk9H4oZ2syFCrgHkk7oj3BR1bdlz-tKrpFTahSVRhrUyRM2V1UsiNElxD3x7L0Lh3b56q-y9QBUAxHfHQ2H7ku8etQ?testcase_id=6004654010007552 Filer: mmoroz See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
,
Jul 12 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5117301301182464 Fuzzer: afl_pdf_codec_tiff_fuzzer Job Type: afl_chrome_asan Platform Id: linux Crash Type: Negative-size-param Crash Address: Crash State: XFACodecFuzzer::Reader::ReadBlock tiff_read TIFFFetchDirectory Regressed: https://cluster-fuzz.appspot.com/revisions?job=afl_chrome_asan&range=402185:402404 Minimized Testcase (0.01 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96F739rCa6pEWQOrw6NUrBSpLCuUwjjM1slAm9_Ltrd7n6rfmT0aiBqUzMY1ypbF-z-ZGjdsqYcybqvVFVC_PccgMnsjBZ_KU6RqfPZNII8ZkLwIbaaGiFbMHoPn6qZsIJ0UCvxdU5-UW-FNQjkPMWhX1nwpQ?testcase_id=5117301301182464 Filer: mmoroz See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Jul 12 2016
,
Jul 13 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5294541129383936 Fuzzer: libfuzzer_pdf_codec_tiff_fuzzer Job Type: libfuzzer_chrome_asan Platform Id: linux Crash Type: Negative-size-param Crash Address: Crash State: XFACodecFuzzer::Reader::ReadBlock tiff_read TIFFFetchDirectory Minimized Testcase (0.10 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94PJCK0ucNfmr0FFvFq_gut1YVMgT2WXKzh8id1bd_2sBYsaqWDBT4_2sxnc3TCE9uCFW80qItzcTbvP7yw0d8G3EGqPPyqcPWO9plDx-3LXxqVvdoZ9wQruWYkdoER0lKj9GsnqNnK1K9SpyfIEU1Twm2uHw?testcase_id=5294541129383936 Filer: mmoroz See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
,
Jul 31 2016
ClusterFuzz has detected this issue as fixed in range 408535:408588. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5294541129383936 Fuzzer: libfuzzer_pdf_codec_tiff_fuzzer Job Type: libfuzzer_chrome_asan Platform Id: linux Crash Type: Negative-size-param Crash Address: Crash State: XFACodecFuzzer::Reader::ReadBlock tiff_read TIFFFetchDirectory Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=398366:399171 Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=408535:408588 Minimized Testcase (0.10 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96GXIRIYWI2E9XNhurxLxgEIRYTi6FeoTCG1OU34sQjyOgRkN6VwJQcNVGEYei8CJGOmMfbKPuICHmFDl5N2XFqV6WkOkJvlzQ0FTxIxquw9d9wt8EOrBBO6uN4hgfegsKwWc8k48eq9mxA-E_i9SVABXgGFQ?testcase_id=5294541129383936 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Jul 31 2016
ClusterFuzz has detected this issue as fixed in range 408652:408744. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6224577244168192 Fuzzer: libfuzzer_pdf_codec_tiff_fuzzer Job Type: libfuzzer_chrome_asan Platform Id: linux Crash Type: Negative-size-param Crash Address: Crash State: XFACodecFuzzer::Reader::ReadBlock tiff_read TIFFReadRawStrip1 Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=398366:399171 Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=408652:408744 Minimized Testcase (0.40 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97qfrtizUl0sPovnyp8yYGW13xQdwZ_QiAfM7OoRTKiP6ByLwtwdSin2WZ4u4_DXPFkYFYEyz5QXLSqiLWIuJc8vmOn7Lj0u3b67onNtBI8dyvNKQewfPXZm7htAe9cCHDX7PCxRTSqsy6Wdf_JdLMCEiGFoQ?testcase_id=6224577244168192 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Jul 31 2016
ClusterFuzz has detected this issue as fixed in range 408389:408457. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6004654010007552 Fuzzer: pdf_codec_tiff_fuzzer Job Type: libfuzzer_chrome_asan Platform Id: linux Crash Type: Negative-size-param Crash Address: Crash State: XFACodecFuzzer::Reader::ReadBlock tiff_read OJPEGReadHeaderInfoSecTablesDcTable Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=400757:400887 Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=408389:408457 Minimized Testcase (2.00 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96FoDmKi8QMT00kSXWFMmPfoH2vouzomECq89mbAA5XM78Z4B53gq_FTVtZxsswd9ryoPrappUpv80nZLddiFc6esWzCikCyEEqSGwOdfQRuMPNI98TK8UnOVajlFM0bVkJ9KZi23lHdFEb3Y7tQR8j1Ltc2A?testcase_id=6004654010007552 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Sep 1 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6497264602447872 Fuzzer: libfuzzer_pdf_codec_tiff_fuzzer Job Type: mac_libfuzzer_chrome_asan Platform Id: mac Crash Type: Negative-size-param Crash Address: Crash State: XFACodecFuzzer::Reader::ReadBlock tiff_read TIFFReadRawStrip1 Minimized Testcase (0.44 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94PAXsdzqGaLJYTDJ-as1xGvcnxxCTD69BIXIaYajxskDaP2MFX0MLWDsJwkcs1X9spYrjHPrVBUIGgLZZ_4LtZuLzg6kP-GhopLcO9f77TxLqcJkdeMqUsoRJ-WNceWv4RrIjdsZrai0ilfbypEbLD4ny4LA?testcase_id=6497264602447872 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
,
Sep 1 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5300222857314304 Fuzzer: libfuzzer_pdf_codec_tiff_fuzzer Job Type: libfuzzer_chrome_asan Platform Id: linux Crash Type: Negative-size-param Crash Address: Crash State: XFACodecFuzzer::Reader::ReadBlock tiff_read OJPEGReadHeaderInfoSecTablesAcTable Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=400757:400887 Minimized Testcase (0.45 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95sy_nvY77B6woFPdBK7Ohk8BB9JvdX58K2Zc3EkisTWoNMviOQnKUiLnwwRfYtD6z8XqsA2ew8Q0Rvh2Thy27CPdvgTMKTbVgRty3JKOI7iamHZQzfF40f1e9SQS4mrVu3I1HqI9buXGr10ceOOnNkYVOGzw?testcase_id=5300222857314304 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
,
Sep 1 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5319734046490624 Fuzzer: libfuzzer_pdf_codec_tiff_fuzzer Job Type: mac_libfuzzer_chrome_asan Platform Id: mac Crash Type: Negative-size-param Crash Address: Crash State: XFACodecFuzzer::Reader::ReadBlock tiff_read TIFFReadDirEntryArray Minimized Testcase (0.44 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96PSOSoLgd1AIiw0KbA7GTjADyDpVbUsMgi01_LuobOgsFWbL2MsTzRo6K4U_ZubAnFo7Fkxl88Xe5V5PpupongOSMlVQbs--XbTV-5cJAVTmcn6dezdcvRzt7saESg7VeAk5Mr56YHNmrZrxLKkzHgGbWcDQ?testcase_id=5319734046490624 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
,
Sep 1 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6566087502331904 Fuzzer: libfuzzer_pdf_codec_tiff_fuzzer Job Type: mac_libfuzzer_chrome_asan Platform Id: mac Crash Type: Negative-size-param Crash Address: Crash State: XFACodecFuzzer::Reader::ReadBlock tiff_read TIFFReadDirEntryCheckedRational Minimized Testcase (0.44 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96AWwjwV-CTQ6VwxqOFPpigkfctjLM179vUMj806ScRRL7P7NiSV4b0HM2y5EGdU-OAUvmwinRma2MLhJTT8tH_defDNf7ekhJSApnlLXaNkv0LjTSgX7FJP9Dit3OwOATO4F8TdhfR1B3p3SSNfiRrkmuKvg?testcase_id=6566087502331904 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
,
Sep 1 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6539686187368448 Fuzzer: libfuzzer_pdf_codec_tiff_fuzzer Job Type: libfuzzer_chrome_asan Platform Id: linux Crash Type: Negative-size-param Crash Address: Crash State: XFACodecFuzzer::Reader::ReadBlock tiff_read JPEGFixupTagsSubsamplingReadByte Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=398366:399171 Minimized Testcase (1.85 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95xEbl79Odq1modg7x22XCRCu8a025_-ipBMWXiJZwvc_4GXXRMndqQ9gVZyZ3eTF16QMokY7kXsonY_VbW_bMfsxTilkv8RVsZJ-ETMmQh0h445Wcos-egZbLJvDD76N3QYHfwAxbcf51f0Q1BlJyYoPrmfA?testcase_id=6539686187368448 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
,
Sep 1 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6059975384498176 Fuzzer: libfuzzer_pdf_codec_tiff_fuzzer Job Type: libfuzzer_chrome_asan Platform Id: linux Crash Type: Negative-size-param Crash Address: Crash State: XFACodecFuzzer::Reader::ReadBlock tiff_read TIFFReadDirEntryData Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=409160:409173 Minimized Testcase (1.00 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97J1YO8bhUOpMsg7jaJmY449CXtdRqW4xfTPR7Nn4ChZn52L-yUMw8KJboZxqlDM-toVi0cwde4XtEhDrzu33HFmfY7YB8bCXKSrwMMTqFLxhZ78rpfJ3Whoz7-YlOIVftXRI94uQDof490Tgz6Z14EJGePXA?testcase_id=6059975384498176 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
,
Sep 1 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6245814586572800 Fuzzer: afl_pdf_codec_tiff_fuzzer Job Type: afl_chrome_asan Platform Id: linux Crash Type: Negative-size-param Crash Address: Crash State: XFACodecFuzzer::Reader::ReadBlock tiff_read TIFFClientOpen Regressed: https://cluster-fuzz.appspot.com/revisions?job=afl_chrome_asan&range=402185:402404 Minimized Testcase (0.00 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94WX56uVJctT5OhX_jlwevg4kd2Av5Ymtkk1mjBtizaly0P2F0qp569H8UyVyCM6LO8R94ta-w6z0-ScvbcjntaFU-UhDqTzFTQbkMKkutbfOPEWE6y20ESrtXQHF8hWYwXQuQFPgjHc3o1ybd2kKZTtp-v6w?testcase_id=6245814586572800 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
,
Sep 1 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4723330720727040 Fuzzer: afl_pdf_codec_tiff_fuzzer Job Type: afl_chrome_asan Platform Id: linux Crash Type: Negative-size-param Crash Address: Crash State: XFACodecFuzzer::Reader::ReadBlock tiff_read TIFFFetchDirectory Regressed: https://cluster-fuzz.appspot.com/revisions?job=afl_chrome_asan&range=402185:402404 Minimized Testcase (0.00 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94KCkfaBRW9s4O5T1n7Dxmof5mkWRzDfWAftzuACxhEyzEIafCk0DpNwM7L8k04LcExBzgroTE-yQY_VVlVRxlLNVvuJT57ElpfhFzzGAsxLaFCbCeIMVomT-W4U9IigfYqMCoL-TwGhkro60d6dskuZ_t1Lg?testcase_id=4723330720727040 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
,
Sep 3 2016
ClusterFuzz has detected this issue as fixed in range 410288:412598. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6497264602447872 Fuzzer: libfuzzer_pdf_codec_tiff_fuzzer Job Type: mac_libfuzzer_chrome_asan Platform Id: mac Crash Type: Negative-size-param Crash Address: Crash State: XFACodecFuzzer::Reader::ReadBlock tiff_read TIFFReadRawStrip1 Fixed: https://cluster-fuzz.appspot.com/revisions?job=mac_libfuzzer_chrome_asan&range=410288:412598 Minimized Testcase (0.44 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94PAXsdzqGaLJYTDJ-as1xGvcnxxCTD69BIXIaYajxskDaP2MFX0MLWDsJwkcs1X9spYrjHPrVBUIGgLZZ_4LtZuLzg6kP-GhopLcO9f77TxLqcJkdeMqUsoRJ-WNceWv4RrIjdsZrai0ilfbypEbLD4ny4LA?testcase_id=6497264602447872 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Sep 3 2016
ClusterFuzz has detected this issue as fixed in range 410288:412598. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6566087502331904 Fuzzer: libfuzzer_pdf_codec_tiff_fuzzer Job Type: mac_libfuzzer_chrome_asan Platform Id: mac Crash Type: Negative-size-param Crash Address: Crash State: XFACodecFuzzer::Reader::ReadBlock tiff_read TIFFReadDirEntryCheckedRational Fixed: https://cluster-fuzz.appspot.com/revisions?job=mac_libfuzzer_chrome_asan&range=410288:412598 Minimized Testcase (0.44 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96AWwjwV-CTQ6VwxqOFPpigkfctjLM179vUMj806ScRRL7P7NiSV4b0HM2y5EGdU-OAUvmwinRma2MLhJTT8tH_defDNf7ekhJSApnlLXaNkv0LjTSgX7FJP9Dit3OwOATO4F8TdhfR1B3p3SSNfiRrkmuKvg?testcase_id=6566087502331904 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Sep 3 2016
ClusterFuzz has detected this issue as fixed in range 410288:412598. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5319734046490624 Fuzzer: libfuzzer_pdf_codec_tiff_fuzzer Job Type: mac_libfuzzer_chrome_asan Platform Id: mac Crash Type: Negative-size-param Crash Address: Crash State: XFACodecFuzzer::Reader::ReadBlock tiff_read TIFFReadDirEntryArray Fixed: https://cluster-fuzz.appspot.com/revisions?job=mac_libfuzzer_chrome_asan&range=410288:412598 Minimized Testcase (0.44 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96PSOSoLgd1AIiw0KbA7GTjADyDpVbUsMgi01_LuobOgsFWbL2MsTzRo6K4U_ZubAnFo7Fkxl88Xe5V5PpupongOSMlVQbs--XbTV-5cJAVTmcn6dezdcvRzt7saESg7VeAk5Mr56YHNmrZrxLKkzHgGbWcDQ?testcase_id=5319734046490624 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Oct 3 2016
,
Oct 3 2016
dsinclair: Uh oh! This issue still open and hasn't been updated in the last 104 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers? If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one? If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 3 2016
,
Oct 3 2016
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 3 2016
inferno@ the XFA code is currently disabled on all Chromium branches. There should be no security impact to a shipping browser.
,
Oct 3 2016
Removing ReleaseBlock-Beta as XFA is not enabled in beta.
,
Oct 3 2016
,
Oct 4 2016
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 4 2016
Please stop adding Release-Block-Beta. XFA is not enabled in any branch of chromium so this should not block release.
,
Oct 4 2016
Need to add ReleaseBlock-NA
,
Oct 4 2016
,
Oct 4 2016
The following revision refers to this bug: https://pdfium.googlesource.com/pdfium.git/+/fb403875dd1bbf830d9325f10e6a5650db30c6fd commit fb403875dd1bbf830d9325f10e6a5650db30c6fd Author: dsinclair <dsinclair@chromium.org> Date: Tue Oct 04 19:38:18 2016 Make sure the fuzzer read size does not go negative. When fuzzing the image formats, its possible to get a read request which would go negative. Handle the request and return FALSE for the read. BUG= chromium:621836 Review-Url: https://codereview.chromium.org/2386343002 [modify] https://crrev.com/fb403875dd1bbf830d9325f10e6a5650db30c6fd/testing/libfuzzer/xfa_codec_fuzzer.h
,
Oct 4 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/d1a865bae59d61b2cf626efa124b688d7d63b2a2 commit d1a865bae59d61b2cf626efa124b688d7d63b2a2 Author: pdfium-deps-roller <pdfium-deps-roller@chromium.org> Date: Tue Oct 04 22:14:32 2016 Roll src/third_party/pdfium/ 89f9ee3b8..98151cab3 (10 commits). https://pdfium.googlesource.com/pdfium.git/+log/89f9ee3b8f3b..98151cab3d24 $ git log 89f9ee3b8..98151cab3 --date=short --no-merges --format='%ad %ae %s' 2016-10-04 dsinclair Cleanup DEPS files 2016-10-04 dsinclair Fix fuzzer paths 2016-10-04 npm Avoid crashing on CPDF_ToUnicodeMap::Load by using ValueOrDefault() 2016-10-04 dsinclair Make sure the fuzzer read size does not go negative. 2016-10-04 dsinclair Move core/fpdfapi/fpdf_render to core/fpdfapi/render 2016-10-04 dsinclair Move core/fpdfapi/fpdf_parser to core/fpdfapi/parser 2016-10-04 dsinclair Move core/fpdfapi/fpdf_page to core/fpdfapi/page 2016-10-04 dsinclair Move core/fpdfapi/fpdf_font to core/fpdfapi/font 2016-10-04 dsinclair Move core/fpdfapi/fpdf_edit to core/fpdfapi/edit 2016-10-04 dsinclair Move core/fpdfapi/fpdf_cmaps to core/fpdfapi/cmaps BUG= 621836 TBR=dsinclair@chromium.org Review-Url: https://codereview.chromium.org/2393643003 Cr-Commit-Position: refs/heads/master@{#422958} [modify] https://crrev.com/d1a865bae59d61b2cf626efa124b688d7d63b2a2/DEPS
,
Oct 5 2016
,
Oct 5 2016
ClusterFuzz has detected this issue as fixed in range 422880:422991. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6539686187368448 Fuzzer: libfuzzer_pdf_codec_tiff_fuzzer Job Type: libfuzzer_chrome_asan Platform Id: linux Crash Type: Negative-size-param Crash Address: Crash State: XFACodecFuzzer::Reader::ReadBlock tiff_read JPEGFixupTagsSubsamplingReadByte Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=398366:399171 Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=422880:422991 Minimized Testcase (1.85 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95xEbl79Odq1modg7x22XCRCu8a025_-ipBMWXiJZwvc_4GXXRMndqQ9gVZyZ3eTF16QMokY7kXsonY_VbW_bMfsxTilkv8RVsZJ-ETMmQh0h445Wcos-egZbLJvDD76N3QYHfwAxbcf51f0Q1BlJyYoPrmfA?testcase_id=6539686187368448 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Oct 5 2016
ClusterFuzz has detected this issue as fixed in range 422882:422996. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6245814586572800 Fuzzer: afl_pdf_codec_tiff_fuzzer Job Type: afl_chrome_asan Platform Id: linux Crash Type: Negative-size-param Crash Address: Crash State: XFACodecFuzzer::Reader::ReadBlock tiff_read TIFFClientOpen Regressed: https://cluster-fuzz.appspot.com/revisions?job=afl_chrome_asan&range=402185:402404 Fixed: https://cluster-fuzz.appspot.com/revisions?job=afl_chrome_asan&range=422882:422996 Minimized Testcase (0.00 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94WX56uVJctT5OhX_jlwevg4kd2Av5Ymtkk1mjBtizaly0P2F0qp569H8UyVyCM6LO8R94ta-w6z0-ScvbcjntaFU-UhDqTzFTQbkMKkutbfOPEWE6y20ESrtXQHF8hWYwXQuQFPgjHc3o1ybd2kKZTtp-v6w?testcase_id=6245814586572800 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Oct 5 2016
ClusterFuzz has detected this issue as fixed in range 422880:422991. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6059975384498176 Fuzzer: libfuzzer_pdf_codec_tiff_fuzzer Job Type: libfuzzer_chrome_asan Platform Id: linux Crash Type: Negative-size-param Crash Address: Crash State: XFACodecFuzzer::Reader::ReadBlock tiff_read TIFFReadDirEntryData Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=409160:409173 Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=422880:422991 Minimized Testcase (1.00 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97J1YO8bhUOpMsg7jaJmY449CXtdRqW4xfTPR7Nn4ChZn52L-yUMw8KJboZxqlDM-toVi0cwde4XtEhDrzu33HFmfY7YB8bCXKSrwMMTqFLxhZ78rpfJ3Whoz7-YlOIVftXRI94uQDof490Tgz6Z14EJGePXA?testcase_id=6059975384498176 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Oct 5 2016
ClusterFuzz has detected this issue as fixed in range 422882:422996. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5117301301182464 Fuzzer: afl_pdf_codec_tiff_fuzzer Job Type: afl_chrome_asan Platform Id: linux Crash Type: Negative-size-param Crash Address: Crash State: XFACodecFuzzer::Reader::ReadBlock tiff_read TIFFFetchDirectory Regressed: https://cluster-fuzz.appspot.com/revisions?job=afl_chrome_asan&range=402185:402404 Fixed: https://cluster-fuzz.appspot.com/revisions?job=afl_chrome_asan&range=422882:422996 Minimized Testcase (0.01 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96hvZLS0OiVvTjcHWd5LN9iHpbjawWSkRUlJDXiQnfe7rXInDf0_a8MkbaK31cwSOaCRB9juD1nc6wv32Z1ksC8Mn3Hbf1Ih8EJqJcFETEwuZry9ns67Fm8iC5p2bHn20aLAIpJMvx9D1ivGjJRwTgQTGkg8w?testcase_id=5117301301182464 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Oct 5 2016
ClusterFuzz has detected this issue as fixed in range 422880:422991. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5300222857314304 Fuzzer: libfuzzer_pdf_codec_tiff_fuzzer Job Type: libfuzzer_chrome_asan Platform Id: linux Crash Type: Negative-size-param Crash Address: Crash State: XFACodecFuzzer::Reader::ReadBlock tiff_read OJPEGReadHeaderInfoSecTablesAcTable Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=400757:400887 Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=422880:422991 Minimized Testcase (0.45 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95sy_nvY77B6woFPdBK7Ohk8BB9JvdX58K2Zc3EkisTWoNMviOQnKUiLnwwRfYtD6z8XqsA2ew8Q0Rvh2Thy27CPdvgTMKTbVgRty3JKOI7iamHZQzfF40f1e9SQS4mrVu3I1HqI9buXGr10ceOOnNkYVOGzw?testcase_id=5300222857314304 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Oct 5 2016
ClusterFuzz has detected this issue as fixed in range 422882:422996. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4723330720727040 Fuzzer: afl_pdf_codec_tiff_fuzzer Job Type: afl_chrome_asan Platform Id: linux Crash Type: Negative-size-param Crash Address: Crash State: XFACodecFuzzer::Reader::ReadBlock tiff_read TIFFFetchDirectory Regressed: https://cluster-fuzz.appspot.com/revisions?job=afl_chrome_asan&range=402185:402404 Fixed: https://cluster-fuzz.appspot.com/revisions?job=afl_chrome_asan&range=422882:422996 Minimized Testcase (0.00 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94KCkfaBRW9s4O5T1n7Dxmof5mkWRzDfWAftzuACxhEyzEIafCk0DpNwM7L8k04LcExBzgroTE-yQY_VVlVRxlLNVvuJT57ElpfhFzzGAsxLaFCbCeIMVomT-W4U9IigfYqMCoL-TwGhkro60d6dskuZ_t1Lg?testcase_id=4723330720727040 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Oct 5 2016
ClusterFuzz has detected this issue as fixed in range 422880:422991. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4650122592124928 Fuzzer: libfuzzer_pdf_codec_tiff_fuzzer Job Type: libfuzzer_chrome_asan Platform Id: linux Crash Type: Negative-size-param Crash Address: Crash State: XFACodecFuzzer::Reader::ReadBlock tiff_read TIFFClientOpen Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=422880:422991 Minimized Testcase (0.00 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv97rzu5xSDyAJJ9BzvMzmJAVLBs1QZn2WCmETlsdEGmqoA6TWVNBI87-51icAezxcwZruVC3VK1IweoI3qtHcDtUKICKv6eipnOEQzgSAt5z3koEj4Mmj5SNpW33AWpDOjnqQfL0kgJWKMyuU6UIvMvaGxE42Q?testcase_id=4650122592124928 PE+ See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Jan 11 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by mmoroz@chromium.org
, Jun 21 2016Components: Internals>Plugins>PDF