Stack-overflow in CPDF_PSProc::Parse
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5637256872460288

Fuzzer: libfuzzer_pdf_psengine_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux
Crash Type: Stack-overflow
Crash Address: 0x7fff80224c88
Crash State:
  CPDF_PSProc::Parse
  CPDF_PSProc::Parse
  CPDF_PSProc::Parse

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=413124:413277

Minimized Testcase (5.09 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97_kEmNol3qerSv8M5qX_sW_wXiKPduFpMIUJPP_v-6r-_7DZFZ1wXhuY-xdjBYVzDi0McL4I0gnZr_2EplCHcCcr8LChZTpIfeNCzrYqdC_HQQIfrDAVp-lz8Hzm9AVFTXC4AJc7j2Cf6xi8Fm0EbJL0jKjw?testcase_id=5637256872460288

Issue manually filed by: mmoroz

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Sep 19 2016

Sep 20 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/3947746c5c35687c2b340cdd5fe9e9daf7153803

commit 3947746c5c35687c2b340cdd5fe9e9daf7153803
Author: pdfium-deps-roller <pdfium-deps-roller@chromium.org>
Date: Tue Sep 20 13:55:56 2016

Roll src/third_party/pdfium/ 81e1e3fd2..717d1330b (2 commits).

https://pdfium.googlesource.com/pdfium.git/+log/81e1e3fd2d33..717d1330bafb

$ git log 81e1e3fd2..717d1330b --date=short --no-merges --format='%ad %ae %s'
2016-09-20 thestig Fix nullptr dereference in FPDF_GenerateAP().
2016-09-20 tsepez Fix stack exhaustion in CPDF_PSProc::Parse()

BUG=645954,648059
TBR=dsinclair@chromium.org

Review-Url: https://codereview.chromium.org/2346163006
Cr-Commit-Position: refs/heads/master@{#419747}

[modify] https://crrev.com/3947746c5c35687c2b340cdd5fe9e9daf7153803/DEPS
Sep 21 2016
ClusterFuzz has detected this issue as fixed in range 419732:419790.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5637256872460288

Fuzzer: libfuzzer_pdf_psengine_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux
Crash Type: Stack-overflow
Crash Address: 0x7fff80224c88
Crash State:
  CPDF_PSProc::Parse
  CPDF_PSProc::Parse
  CPDF_PSProc::Parse

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=413124:413277
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=419732:419790

Minimized Testcase (5.09 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97_kEmNol3qerSv8M5qX_sW_wXiKPduFpMIUJPP_v-6r-_7DZFZ1wXhuY-xdjBYVzDi0McL4I0gnZr_2EplCHcCcr8LChZTpIfeNCzrYqdC_HQQIfrDAVp-lz8Hzm9AVFTXC4AJc7j2Cf6xi8Fm0EbJL0jKjw?testcase_id=5637256872460288

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Sep 21 2016

Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage

- Your friendly Sheriffbot
Comment 1 by mmoroz@chromium.org, Sep 18 2016
Components: Internals>Plugins>PDF