Issue metadata
Sign in to add a comment
|
Memcpy-param-overlap in CCodec_ProgressiveDecoder::JpegReadMoreData |
||||||||||||||||||||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=5120504361123840 Fuzzer: libfuzzer_pdf_codec_jpeg_fuzzer Job Type: libfuzzer_chrome_asan Platform Id: linux Crash Type: Memcpy-param-overlap Crash Address: [0x621000017d00,0x62100001899d) and [0x621000018063, 0x621000018d00) Crash State: CCodec_ProgressiveDecoder::JpegReadMoreData CCodec_ProgressiveDecoder::StartDecode XFACodecFuzzer::Fuzz Recommended Security Severity: Medium Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=400757:400887 Minimized Testcase (4.42 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94f4EqKRplF-uzjlaNYZK6zksETmNWLpSRM8h_LKBASd4L4axJT4dZbiFdcx0U7Md0qzx3oSa3n8lGf-XhHzXbJb0rVcg0NIVhEeJgSCawZZC6ICt6WT_fDN0F78xXaqHdwtV1B6s1hVmE1lHrwDt0R5XTfig?testcase_id=5120504361123840 Filer: mmoroz See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
,
Jun 21 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5568380933505024 Fuzzer: libfuzzer_pdf_codec_jpeg_fuzzer Job Type: libfuzzer_chrome_asan Platform Id: linux Crash Type: Memcpy-param-overlap Crash Address: [0x621000017d00,0x621000018baa) and [0x621000017e56, 0x621000018d00) Crash State: CCodec_ProgressiveDecoder::JpegReadMoreData CCodec_ProgressiveDecoder::ContinueDecode XFACodecFuzzer::Fuzz Recommended Security Severity: Medium Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=400757:400887 Minimized Testcase (4.11 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94_dZHz80wxx3Df6j-JWtyorP1LI9mYyji2ZsF21mEsQDXXBRZ5njlJytrH-62UlDqDsUTZ12x9Phq9gCRuSTTfPfMBqeqi8HGEsQ2dvBnjm2xRAtcWQzkHz2u6CzJ4JpSvQx503JPOuRD0psdnoUW4Cs0SsQ?testcase_id=5568380933505024 Filer: mmoroz See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
,
Jun 22 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5910280798470144 Fuzzer: pdf_codec_jpeg_fuzzer Job Type: libfuzzer_chrome_asan Platform Id: linux Crash Type: Memcpy-param-overlap Crash Address: [0x62100001b900,0x62100001c8a6) and [0x62100001b95a, 0x62100001c900) Crash State: CCodec_ProgressiveDecoder::JpegReadMoreData CCodec_ProgressiveDecoder::DetectImageType CCodec_ProgressiveDecoder::LoadImageInfo Recommended Security Severity: Medium Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=400757:400887 Minimized Testcase (6.73 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95YIwWP0ZQ59hSFfVp6JMTMoahQyUWJCN7DuUI8b6xzczb1a__o88_oYr6aAp20lW7i0dBXgXEvhZYaGyYm6hZbb80nvb2zrF3F_6XoGCVoRHSez3ZjfrTZIjRp18NTfpXllrYiVA5Aq4VIvtecMSuvp4DeyQ?testcase_id=5910280798470144 Filer: mmoroz See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
,
Jun 22 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5910280798470144 Fuzzer: pdf_codec_jpeg_fuzzer Job Type: libfuzzer_chrome_asan Platform Id: linux Crash Type: Memcpy-param-overlap Crash Address: [0x62100001b900,0x62100001c8a6) and [0x62100001b95a, 0x62100001c900) Crash State: CCodec_ProgressiveDecoder::JpegReadMoreData CCodec_ProgressiveDecoder::DetectImageType CCodec_ProgressiveDecoder::LoadImageInfo Recommended Security Severity: Medium Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=400757:400887 Minimized Testcase (6.73 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95YIwWP0ZQ59hSFfVp6JMTMoahQyUWJCN7DuUI8b6xzczb1a__o88_oYr6aAp20lW7i0dBXgXEvhZYaGyYm6hZbb80nvb2zrF3F_6XoGCVoRHSez3ZjfrTZIjRp18NTfpXllrYiVA5Aq4VIvtecMSuvp4DeyQ?testcase_id=5910280798470144 Filer: mmoroz See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
,
Jun 24 2016
Looks like this is in PDFium. +ochang, can you please triage?
,
Jun 25 2016
,
Jul 6 2016
ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5120504361123840 Fuzzer: libfuzzer_pdf_codec_jpeg_fuzzer Job Type: libfuzzer_chrome_asan Platform Id: linux Crash Type: Memcpy-param-overlap Crash Address: [0x621000017d00,0x62100001899d) and [0x621000018063, 0x621000018d00) Crash State: CCodec_ProgressiveDecoder::JpegReadMoreData CCodec_ProgressiveDecoder::StartDecode XFACodecFuzzer::Fuzz Recommended Security Severity: Medium Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=400757:400887 Minimized Testcase (4.42 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94f4EqKRplF-uzjlaNYZK6zksETmNWLpSRM8h_LKBASd4L4axJT4dZbiFdcx0U7Md0qzx3oSa3n8lGf-XhHzXbJb0rVcg0NIVhEeJgSCawZZC6ICt6WT_fDN0F78xXaqHdwtV1B6s1hVmE1lHrwDt0R5XTfig?testcase_id=5120504361123840 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Jul 8 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5094050663497728 Fuzzer: libfuzzer_pdf_codec_jpeg_fuzzer Job Type: libfuzzer_chrome_asan Platform Id: linux Crash Type: Memcpy-param-overlap Crash Address: [0x621000885500,0x621000886486) and [0x62100088557a, 0x621000886500) Crash State: CCodec_ProgressiveDecoder::JpegReadMoreData CCodec_ProgressiveDecoder::StartDecode XFACodecFuzzer::Fuzz Recommended Security Severity: Medium Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94XUwsk8w8ix4bm-HEz2up0z2Mqahs7O0FTHLDYp1LpuSmqIDSgBGzawDl7wMsskw5DvBIEXqVSxVsNSBE_Y7ejaPQp7eRh5F1wVBzMQneSZYFd6JhkrnkjZKp3aKej8lveQoENclEKXBvclZc2VbqLnnUQXA?testcase_id=5094050663497728 Filer: mmoroz See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
,
Jul 29 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6515127625187328 Fuzzer: libfuzzer_pdf_codec_jpeg_fuzzer Job Type: libfuzzer_chrome_asan Platform Id: linux Crash Type: Memcpy-param-overlap Crash Address: [0x621000017d00,0x62100001891c) and [0x6210000180e4, 0x621000018d00) Crash State: CCodec_ProgressiveDecoder::JpegReadMoreData CCodec_ProgressiveDecoder::ContinueDecode XFACodecFuzzer::Fuzz Recommended Security Severity: Medium Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=398366:399171 Minimized Testcase (4.34 Kb): https://cluster-fuzz.appspot.com/download/AMIfv944TgG6Cy0xdaZ7As-yycNo9IlBbprjqRlImge8qdFyIL9h_p3TkKe5oi1yFcvF34plHg2nw9F7wL4bv3RgyKttKkxHvJP1wE3SQheQPNtKwjEiuro08V1ZHCIh8N_w-lYWDqoB_2aMtW-q9uV_KucMPB1nRg?testcase_id=6515127625187328 Filer: tanin See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
,
Jul 29 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6498176899219456 Fuzzer: libfuzzer_pdf_codec_jpeg_fuzzer Job Type: libfuzzer_chrome_asan Platform Id: linux Crash Type: Memcpy-param-overlap Crash Address: [0x621000017d00,0x621000018bf3) and [0x621000017e0d, 0x621000018d00) Crash State: CCodec_ProgressiveDecoder::JpegReadMoreData CCodec_ProgressiveDecoder::StartDecode XFACodecFuzzer::Fuzz Recommended Security Severity: Medium Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=398366:399171 Minimized Testcase (4.49 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96Bt7XtrZ_Y-HZkX6EhQSMMFPxtec19vmQ-y28BNhlr5VwrcDylfClGtQGZpT2z2F0K6PWkS8uKPkVkFVf1Y_dBgK5uCESETyEjO5mLBijqZe-pceQdfm1qywJzffW7cd0U-q8CekBtC1EPNV3AhD2fsKjktg?testcase_id=6498176899219456 Filer: tanin See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
,
Aug 1 2016
https://cs.chromium.org/chromium/src/third_party/pdfium/core/fxcodec/codec/fx_codec_progress.cpp?rcl=0&l=337 should clearly be memmove.
,
Sep 14 2016
ClusterFuzz has detected this issue as fixed in range 417985:418093. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6515127625187328 Fuzzer: libfuzzer_pdf_codec_jpeg_fuzzer Job Type: libfuzzer_chrome_asan Platform Id: linux Crash Type: Memcpy-param-overlap Crash Address: [0x621000017d00,0x62100001891c) and [0x6210000180e4, 0x621000018d00) Crash State: CCodec_ProgressiveDecoder::JpegReadMoreData CCodec_ProgressiveDecoder::ContinueDecode XFACodecFuzzer::Fuzz Recommended Security Severity: Medium Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=417985:418093 Minimized Testcase (4.34 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95T2oaFWQIOYlscK0muJnpXbicqfyI20JNrOZhJNhsnGUcmvKWkhyhdCAk6HzTRULQcVvN6LUUezQOtNJbkQ98izwGWecxgi7NOGkNpfmPnvJfFHmfnpjENgmdJxWMAc9JZ0Z0B_33znHIk3VTiWihs84QSXg?testcase_id=6515127625187328 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Sep 14 2016
ClusterFuzz has detected this issue as fixed in range 417985:418093. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5568380933505024 Fuzzer: libfuzzer_pdf_codec_jpeg_fuzzer Job Type: libfuzzer_chrome_asan Platform Id: linux Crash Type: Memcpy-param-overlap Crash Address: [0x621000017d00,0x621000018baa) and [0x621000017e56, 0x621000018d00) Crash State: CCodec_ProgressiveDecoder::JpegReadMoreData CCodec_ProgressiveDecoder::ContinueDecode XFACodecFuzzer::Fuzz Recommended Security Severity: Medium Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=400757:400887 Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=417985:418093 Minimized Testcase (4.11 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97zME-51K8YS96zhw3xbWpcOvQPDSz1Z2TQEIQa1-xKSsGkJE024nK6ppdstLpE1yKQusMlWjpNLugWDXe-Rzqo5QhXE_1J6tZ0rffh1xRi0BYa5XfT_Vcs0jniqFAz-5K8HP6Qevp5wuG8oOFNAgkBS367Qw?testcase_id=5568380933505024 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Sep 14 2016
ClusterFuzz has detected this issue as fixed in range 417985:418093. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5094050663497728 Fuzzer: libfuzzer_pdf_codec_jpeg_fuzzer Job Type: libfuzzer_chrome_asan Platform Id: linux Crash Type: Memcpy-param-overlap Crash Address: [0x621000017d00,0x621000018c86) and [0x621000017d7a, 0x621000018d00) Crash State: CCodec_ProgressiveDecoder::JpegReadMoreData CCodec_ProgressiveDecoder::StartDecode XFACodecFuzzer::Fuzz Recommended Security Severity: Medium Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=417985:418093 Minimized Testcase (4.30 Kb): https://cluster-fuzz.appspot.com/download/AMIfv976mXIuZLDXZs60ZQxPv13FWPjMUDLnvbieaVCponBWJ6s5Bdi65IDwVLWE2_QrPw-FDAP99BhWSoYzyve0YYf2R5bx45i3RPtYRm5US2mZm1UzxJ3_HjwKzzaSLT_inVH1k_ByxC5uJMsjzRhOIstTkhBoxA?testcase_id=5094050663497728 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Sep 14 2016
ClusterFuzz has detected this issue as fixed in range 417985:418093. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5910280798470144 Fuzzer: pdf_codec_jpeg_fuzzer Job Type: libfuzzer_chrome_asan Platform Id: linux Crash Type: Memcpy-param-overlap Crash Address: [0x62100001b900,0x62100001c8a6) and [0x62100001b95a, 0x62100001c900) Crash State: CCodec_ProgressiveDecoder::JpegReadMoreData CCodec_ProgressiveDecoder::DetectImageType CCodec_ProgressiveDecoder::LoadImageInfo Recommended Security Severity: Medium Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=400757:400887 Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=417985:418093 Minimized Testcase (6.73 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95YIwWP0ZQ59hSFfVp6JMTMoahQyUWJCN7DuUI8b6xzczb1a__o88_oYr6aAp20lW7i0dBXgXEvhZYaGyYm6hZbb80nvb2zrF3F_6XoGCVoRHSez3ZjfrTZIjRp18NTfpXllrYiVA5Aq4VIvtecMSuvp4DeyQ?testcase_id=5910280798470144 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Sep 14 2016
ClusterFuzz has detected this issue as fixed in range 417985:418093. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6498176899219456 Fuzzer: libfuzzer_pdf_codec_jpeg_fuzzer Job Type: libfuzzer_chrome_asan Platform Id: linux Crash Type: Memcpy-param-overlap Crash Address: [0x621000017d00,0x621000018bf3) and [0x621000017e0d, 0x621000018d00) Crash State: CCodec_ProgressiveDecoder::JpegReadMoreData CCodec_ProgressiveDecoder::StartDecode XFACodecFuzzer::Fuzz Recommended Security Severity: Medium Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=398366:399171 Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=417985:418093 Minimized Testcase (4.49 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94MryuL727ad8SAk3lPRMpnhCAnQt-9F0Pcq_WylLRLocAJHvAqzBDohXQZ-huNjpNwNHmDkXd3xFi3KmSgkvZaz9ishnnCQDqb0zndeooAhFLSkmYfhHMzHq3svXCbh80LLpjQuyJt69J1VwSKavIIRN9V3Q?testcase_id=6498176899219456 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Sep 14 2016
ClusterFuzz has detected this issue as fixed in range 417985:418093. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6498176899219456 Fuzzer: libfuzzer_pdf_codec_jpeg_fuzzer Job Type: libfuzzer_chrome_asan Platform Id: linux Crash Type: Memcpy-param-overlap Crash Address: [0x621000017d00,0x621000018bf3) and [0x621000017e0d, 0x621000018d00) Crash State: CCodec_ProgressiveDecoder::JpegReadMoreData CCodec_ProgressiveDecoder::StartDecode XFACodecFuzzer::Fuzz Recommended Security Severity: Medium Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=398366:399171 Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=417985:418093 Minimized Testcase (4.49 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94MryuL727ad8SAk3lPRMpnhCAnQt-9F0Pcq_WylLRLocAJHvAqzBDohXQZ-huNjpNwNHmDkXd3xFi3KmSgkvZaz9ishnnCQDqb0zndeooAhFLSkmYfhHMzHq3svXCbh80LLpjQuyJt69J1VwSKavIIRN9V3Q?testcase_id=6498176899219456 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Sep 15 2016
ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Sep 15 2016
,
Dec 22 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by mmoroz@chromium.org
, Jun 21 2016Components: Internals>Plugins>PDF
Labels: Pri-1