Integer-overflow in CFX_FaceCache::RenderGlyph |
||||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=4957955940417536 Fuzzer: ochang_search_index_mutator Job Type: linux_ubsan_chrome Platform Id: linux Crash Type: Integer-overflow Crash Address: Crash State: CFX_FaceCache::RenderGlyph CFX_FaceCache::LookUpGlyphBitmap CFX_FaceCache::LoadGlyphBitmap Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=399086:399117 Minimized Testcase (2064.96 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96uWrORzmus5jToe8YAqsB50z6IbH5TMjimcYhgRfqPDqM0DYxCILhzBF6VhODye8kWhaWXaacO1wWVyLtlFhA8sHOlB21ePqy_pYDZsnuYonCR-BfiVnTFaG-ibPUBwz0luk_l75_OvbvGoV1AC3JxBUCUsSqfZDHoTQUFiRuFNtm8UyI?testcase_id=4957955940417536 Issue manually filed by: mummareddy See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Aug 22 2016
,
Aug 29 2016
,
Aug 31 2016
,
Aug 31 2016
The following revision refers to this bug: https://pdfium.googlesource.com/pdfium.git/+/07146149674c61eaecf55cdfe6cdf7c31bbf0550 commit 07146149674c61eaecf55cdfe6cdf7c31bbf0550 Author: dsinclair <dsinclair@chromium.org> Date: Wed Aug 31 20:18:13 2016 Use CheckedNumeric for strength calculation. Update the calculation of the outlines bold strength to use a CheckedNum instead of an int. BUG= chromium:639506 Review-Url: https://codereview.chromium.org/2296193002 [modify] https://crrev.com/07146149674c61eaecf55cdfe6cdf7c31bbf0550/core/fxge/ge/cfx_facecache.cpp
,
Aug 31 2016
,
Aug 31 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/2c5e4dadecb9b2dc01828b7ad88da1144efe44f7 commit 2c5e4dadecb9b2dc01828b7ad88da1144efe44f7 Author: pdfium-deps-roller <pdfium-deps-roller@chromium.org> Date: Wed Aug 31 21:51:16 2016 Roll src/third_party/pdfium/ fc9b11358..21b111fcf (2 commits). https://pdfium.googlesource.com/pdfium.git/+log/fc9b11358a47..21b111fcf71e $ git log fc9b11358..21b111fcf --date=short --no-merges --format='%ad %ae %s' 2016-08-31 thestig Attempt to fix potential integer overflow in CFX_FaceCache::LoadGlyphPath(). 2016-08-31 dsinclair Use CheckedNumeric for strength calculation. BUG= 641333 , 639506 TBR=dsinclair@chromium.org Review-Url: https://codereview.chromium.org/2300793002 Cr-Commit-Position: refs/heads/master@{#415766} [modify] https://crrev.com/2c5e4dadecb9b2dc01828b7ad88da1144efe44f7/DEPS
,
Sep 2 2016
ClusterFuzz has detected this issue as fixed in range 415740:415887. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4957955940417536 Fuzzer: ochang_search_index_mutator Job Type: linux_ubsan_chrome Platform Id: linux Crash Type: Integer-overflow Crash Address: Crash State: CFX_FaceCache::RenderGlyph CFX_FaceCache::LookUpGlyphBitmap CFX_FaceCache::LoadGlyphBitmap Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=399086:399117 Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=415740:415887 Minimized Testcase (2064.96 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96uWrORzmus5jToe8YAqsB50z6IbH5TMjimcYhgRfqPDqM0DYxCILhzBF6VhODye8kWhaWXaacO1wWVyLtlFhA8sHOlB21ePqy_pYDZsnuYonCR-BfiVnTFaG-ibPUBwz0luk_l75_OvbvGoV1AC3JxBUCUsSqfZDHoTQUFiRuFNtm8UyI?testcase_id=4957955940417536 See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
||||||
►
Sign in to add a comment |
||||||
Comment 1 by mummare...@chromium.org
, Aug 19 2016Owner: npm@chromium.org
Status: Assigned (was: Untriaged)