
Issue 633381


Issue metadata

Status: Fixed
Owner:
Closed: Aug 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug




Crash in FX_AllocOrDie

Project Member Reported by ClusterFuzz, Aug 1 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6515715572236288

Fuzzer: libfuzzer_pdf_codec_bmp_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: UNKNOWN
Crash Address: 0x03e900007af5
Crash State:
  FX_AllocOrDie
  bmp_read_header
  CCodec_BmpModule::ReadHeader
  

Minimized Testcase (0.06 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95b3dvMFiGAhvpj192mKDmMg-ePu_GlWJcnT54Lz4pseYdsYpRsNdw9Lic_9HNu4eiAd3pKKs3zyuLSTTZVDJ9_9b3r60TlcfJtupA5jhHSqJk80Aq8Ue8hQtOoI8LkwwMhS8SILqQVkstx-YXBDBhoeUul8Q?testcase_id=6515715572236288

Filer: mummareddy

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
 
Labels: Te-Logged M-53
Owner: dsinclair@chromium.org
Status: Assigned (was: Untriaged)
From findit tool:

Author: dsinclair
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/54d027dbbff8a0270531855082e4f61cb457c173
Time: Mon Jun 20 09:09:56 2016 -0700
The CL last changed line 1326 of file fx_codec_progress.cpp, which is stack frame 5.
Components: Internals>Plugins>PDF
Is this an OOM? If yes, not sure what we can do about it. Maybe check the requested alloc size and fail if it is unreasonable? Switch to TryAlloc?
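The mitigation the comment above asks about (bound the requested size, then use a TryAlloc-style call that returns NULL instead of aborting), as an added illustration that is not pdfium's code and not the fix that landed: it parses a constructed 54-byte BMP header, rejects malformed fields and any pixel buffer larger than a hypothetical MAX_PIXEL_BYTES cap, and only then allocates. The cap value and all function names are assumptions.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical cap on a decoded pixel buffer (an assumption, not pdfium's actual limit). */
#define MAX_PIXEL_BYTES ((uint64_t)256 * 1024 * 1024)

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Constructed input: 14-byte BMP file header followed by a 40-byte BITMAPINFOHEADER. */
void make_bmp_header(uint8_t out[54], int32_t width, int32_t height, uint16_t bpp) {
    memset(out, 0, 54);
    out[0] = 'B'; out[1] = 'M';
    wr32(out + 10, 54);                 /* offset of pixel data */
    wr32(out + 14, 40);                 /* biSize */
    wr32(out + 18, (uint32_t)width);
    wr32(out + 22, (uint32_t)height);   /* negative height = top-down rows */
    out[26] = 1;                        /* planes */
    out[28] = (uint8_t)bpp; out[29] = (uint8_t)(bpp >> 8);
}

/* Bytes the header asks us to allocate, or 0 when the header is malformed or the
   request exceeds MAX_PIXEL_BYTES. Every field is untrusted, so validate before allocating. */
size_t bmp_checked_pixel_bytes(const uint8_t *hdr, size_t len) {
    if (len < 54 || hdr[0] != 'B' || hdr[1] != 'M') return 0;
    int32_t width = (int32_t)rd32(hdr + 18), height = (int32_t)rd32(hdr + 22);
    uint16_t bpp = (uint16_t)(hdr[28] | (hdr[29] << 8));
    if (width <= 0 || height == 0 || height == INT32_MIN) return 0;
    if (bpp != 1 && bpp != 4 && bpp != 8 && bpp != 24 && bpp != 32) return 0;
    uint64_t rows = (uint64_t)(height < 0 ? -height : height);
    uint64_t row_bytes = (((uint64_t)width * bpp + 31) / 32) * 4;  /* rows padded to 4 bytes */
    uint64_t total = row_bytes * rows;   /* < 2^33 * 2^31, cannot wrap in 64 bits */
    if (total > MAX_PIXEL_BYTES) return 0;
    return (size_t)total;
}

/* TryAlloc-style: NULL on a rejected header or allocator failure, never an abort. */
void *bmp_try_alloc_pixels(const uint8_t *hdr, size_t len) {
    size_t n = bmp_checked_pixel_bytes(hdr, len);
    return n ? calloc(1, n) : NULL;
}

/* Convenience: build a header for (w, h, bpp) and return its checked size. */
size_t checked_bytes_for(int32_t w, int32_t h, uint16_t bpp) {
    uint8_t hdr[54];
    make_bmp_header(hdr, w, h, bpp);
    return bmp_checked_pixel_bytes(hdr, sizeof hdr);
}
```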
Status: Fixed (was: Assigned)
Fixed with https://codereview.chromium.org/2202283003/
Project Member

Comment 5 by bugdroid1@chromium.org, Aug 4 2016

Project Member

Comment 6 by ClusterFuzz, Aug 5 2016

ClusterFuzz has detected this issue as fixed in range 409755:409886.

Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=409755:409886


If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 7 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
