Issue 649278 link

Starred by 1 user

Issue metadata

Status:	Fixed
Owner:	npm@chromium.org
Closed:	Oct 2017
Cc:	mmoroz@chromium.org dsinclair@chromium.org
Components:	Internals>Plugins>PDF
EstimatedDays:	----
NextAction:	----
OS:	Linux
Pri:	2
Type:	Bug
Stability-Crash Reproducible Clusterfuzz Stability-UndefinedBehaviorSanitizer Test-Predator-Auto-Components

Integer-overflow in CJBig2_TRDProc::decode_Arith

Project Member Reported by ClusterFuzz, Sep 22 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5972077683408896

Fuzzer: ochang_search_index_mutator
Job Type: linux_ubsan_chrome
Platform Id: linux

Crash Type: Integer-overflow
Crash Address: 
Crash State:
  CJBig2_TRDProc::decode_Arith
  CJBig2_Context::parseTextRegion
  CJBig2_Context::parseSegmentData
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=370022:370027

Minimized Testcase (275.69 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95tgzC30_wgEaOQ-ibHHESptFk8kKgyDWdEhy8Tcp5NDFNWw5hA23fb_OBqYt4siPxWEl1KNs2WAmZk8u_6FKi0e3ngIpGEqcPqOnCHGPRVJOTpD_wxMTr-NSIcOdI20nmA_pKlD42Z1b9LAJXYM9JIlD_9dy6gvXUdeKr-f-BNoKVQC8g?testcase_id=5972077683408896

Issue manually filed by: mmoroz

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Comment 1 by mmoroz@chromium.org, Sep 22 2016

Cc: thestig@chromium.org mmoroz@chromium.org
Components: Internals>Plugins>PDF

Comment 2 by thestig@chromium.org, Sep 22 2016

Cc: -thestig@chromium.org
Owner: thestig@chromium.org
Status: Assigned (was: Untriaged)

Comment 3 by infe...@chromium.org, Oct 11 2016

Labels: Pri-2

Comment 4 by thestig@chromium.org, Nov 22 2016

Owner: dsinclair@chromium.org

Punting PDF security-ish bugs.

Project Member

Comment 5 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Project Member

Comment 6 by ClusterFuzz, Oct 1 2017

Labels: Test-Predator-AutoComponents

Automatically applying components based on information from OWNERS files. If this seems incorrect, please apply the Test-Predator-Wrong-Components label.

Comment 7 by npm@chromium.org, Oct 23 2017

Cc: dsinclair@chromium.org
Owner: npm@chromium.org

I'll take this one.

Comment 8 by npm@chromium.org, Oct 24 2017

Status: Fixed (was: Assigned)

Comment 9 by npm@chromium.org, Oct 24 2017

https://pdfium-review.googlesource.com/c/pdfium/+/16550

Comment 10 by mbarbe...@chromium.org, Nov 7 2017

Labels: -Test-Predator-AutoComponents Test-Predator-Auto-Components

►

Issue 649278 link

Issue metadata

Integer-overflow in CJBig2_TRDProc::decode_Arith

Issue description

Comment 1 by mmoroz@chromium.org, Sep 22 2016

Comment 1 Deleted

Comment 2 by thestig@chromium.org, Sep 22 2016

Comment 2 Deleted

Comment 3 by infe...@chromium.org, Oct 11 2016

Comment 3 Deleted

Comment 4 by thestig@chromium.org, Nov 22 2016

Comment 4 Deleted

Comment 5 by sheriffbot@chromium.org, Nov 22 2016

Comment 5 Deleted

Comment 6 by ClusterFuzz, Oct 1 2017

Comment 6 Deleted

Comment 7 by npm@chromium.org, Oct 23 2017

Comment 7 Deleted

Comment 8 by npm@chromium.org, Oct 24 2017

Comment 8 Deleted

Comment 9 by npm@chromium.org, Oct 24 2017

Comment 9 Deleted

Comment 10 by mbarbe...@chromium.org, Nov 7 2017

Comment 10 Deleted

Sign in to add a comment