PDFium: Null Pointer Access in sycc422_to_rgb and sycc420_to_rgb
Reported by stackexp...@gmail.com, Sep 19 2016
Issue description

UserAgent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36

Steps to reproduce the problem:
1. Open test.pdf with Chrome.
2. Tab crashed.

What is the expected behavior?
no crash.

What went wrong?
pdfium crashed due to null pointer access in sycc422_to_rgb and sycc420_to_rgb.

Did this work before? No

Chrome version: 53.0.2785.116 Channel: stable
OS Version: 6.1 (Windows 7, Windows Server 2008 R2)
Flash Version: Shockwave Flash 23.0 r0

The attachment test.pdf will result in null pointer access in function sycc422_to_rgb. sycc420_to_rgb is similar but I will not upload a pdf document to demonstrate it.
Sep 19 2016
Test file for this issue.
Sep 19 2016
I've uploaded a patch for this issue which is available at https://codereview.chromium.org/2351623002
Sep 19 2016
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/5cc683b91a89206e131372bfd1435bcdda7c9589

commit 5cc683b91a89206e131372bfd1435bcdda7c9589
Author: pdfium-deps-roller <pdfium-deps-roller@chromium.org>
Date: Mon Sep 19 14:33:45 2016

Roll src/third_party/pdfium/ e9988dd65..a0ff010a3 (1 commit).

https://pdfium.googlesource.com/pdfium.git/+log/e9988dd65e74..a0ff010a380c

$ git log e9988dd65..a0ff010a3 --date=short --no-merges --format='%ad %ae %s'
2016-09-19 stackexploit Avoid nullptr access in sycc422_to_rgb and sycc420_to_rgb

BUG= 648127
TBR=dsinclair@chromium.org

Review-Url: https://codereview.chromium.org/2351703002
Cr-Commit-Position: refs/heads/master@{#419452}

[modify] https://crrev.com/5cc683b91a89206e131372bfd1435bcdda7c9589/DEPS
Comment 1 Deleted