Issue metadata
Sign in to add a comment
|
Memcpy-param-overlap in CCodec_ProgressiveDecoder::JpegReadMoreData |
||||||||||||||||||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=4775874488696832 Fuzzer: libfuzzer_pdf_codec_jpeg_fuzzer Job Type: mac_libfuzzer_chrome_asan Platform Id: mac Crash Type: Memcpy-param-overlap Crash Address: [0x621000007900,0x6210000086e0) and [0x621000007b20, 0x621000008900) Crash State: CCodec_ProgressiveDecoder::JpegReadMoreData CCodec_ProgressiveDecoder::ContinueDecode Fuzz Recommended Security Severity: Medium Regressed: https://cluster-fuzz.appspot.com/revisions?job=mac_libfuzzer_chrome_asan&range=410288:412598 Minimized Testcase (8.99 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97_8ywfv4LVH_Ev4bYP2CkjhhPFByEM0aXc_KFZQ-NJkFFKg_XOsMITq5TKhIymvAEXBJalDCA8nvFc-fT_y6A6B9fGyqsCpVtexOglvmpoNIpiNBjpXU2BVYaN1l7uJib7PFayo43ayhdjLgyWw91cNBYvsQ?testcase_id=4775874488696832 Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
,
Sep 9 2016
,
Sep 9 2016
@mbarbella Yes I will.
,
Sep 9 2016
Do we just need to switch to memmove() ?
,
Sep 9 2016
,
Sep 9 2016
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Sep 9 2016
,
Sep 9 2016
,
Sep 12 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/dee727c8ac26512c3f6fe852fdefb00186909a89 commit dee727c8ac26512c3f6fe852fdefb00186909a89 Author: pdfium-deps-roller <pdfium-deps-roller@chromium.org> Date: Mon Sep 12 19:25:29 2016 Roll src/third_party/pdfium/ 1c62054a4..0b022056c (2 commits). https://pdfium.googlesource.com/pdfium.git/+log/1c62054a42cf..0b022056c74c $ git log 1c62054a4..0b022056c --date=short --no-merges --format='%ad %ae %s' 2016-09-12 tracy_jiang change memcpy to memmove for potential nearby addresses 2016-09-12 hong_zhang fix some uninitialized variables BUG= 645186 , 627399 TBR=dsinclair@chromium.org Review-Url: https://codereview.chromium.org/2332793003 Cr-Commit-Position: refs/heads/master@{#418000} [modify] https://crrev.com/dee727c8ac26512c3f6fe852fdefb00186909a89/DEPS
,
Sep 13 2016
ClusterFuzz has detected this issue as fixed in range 417990:418014. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4775874488696832 Fuzzer: libfuzzer_pdf_codec_jpeg_fuzzer Job Type: mac_libfuzzer_chrome_asan Platform Id: mac Crash Type: Memcpy-param-overlap Crash Address: [0x621000007900,0x6210000086e0) and [0x621000007b20, 0x621000008900) Crash State: CCodec_ProgressiveDecoder::JpegReadMoreData CCodec_ProgressiveDecoder::ContinueDecode Fuzz Recommended Security Severity: Medium Regressed: https://cluster-fuzz.appspot.com/revisions?job=mac_libfuzzer_chrome_asan&range=410288:412598 Fixed: https://cluster-fuzz.appspot.com/revisions?job=mac_libfuzzer_chrome_asan&range=417990:418014 Minimized Testcase (8.99 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97_8ywfv4LVH_Ev4bYP2CkjhhPFByEM0aXc_KFZQ-NJkFFKg_XOsMITq5TKhIymvAEXBJalDCA8nvFc-fT_y6A6B9fGyqsCpVtexOglvmpoNIpiNBjpXU2BVYaN1l7uJib7PFayo43ayhdjLgyWw91cNBYvsQ?testcase_id=4775874488696832 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Sep 13 2016
ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Sep 13 2016
,
Oct 25 2016
,
Dec 20 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||
Comment 1 by mbarbe...@chromium.org
, Sep 8 2016Owner: hong_zh...@foxitsoftware.com
Status: Available (was: Untriaged)