Issue metadata
Heap-buffer-overflow in FPDFAPI_inflate_fast
Issue description
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4528622608318464
Fuzzer: libfuzzer_radamsa_pdf_codec_tiff_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux
Crash Type: Heap-buffer-overflow WRITE 1
Crash Address: 0x60d0000001a0
Crash State:
  FPDFAPI_inflate_fast
  FPDFAPI_inflate
  PixarLogDecode
Recommended Security Severity: High
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=400757:400887
Minimized Testcase (1.69 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95c0c2Oj9JJXFGSmIsh6ULJUdo_zCoLL1Jzli8DLjg4GwDFZyXVFM7uVcPc9A8lyT1U59An0Pk_xkkOXYi3hjsIXvHqJfE848csLgbYc9xmv1H9s9AioUZggldxa-cSOlDlMHITwwvQreqT_E-vYxNVOc9Dtg?testcase_id=4528622608318464
Issue filed automatically.
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Oct 12 2016
Oct 13 2016
Oct 13 2016
Oct 27 2016
dsinclair: Uh oh! This issue still open and hasn't been updated in the last 14 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers? If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one? If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 28 2016
ClusterFuzz has detected this issue as fixed in range 427848:428120.
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4528622608318464
Fuzzer: libfuzzer_radamsa_pdf_codec_tiff_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux
Crash Type: Heap-buffer-overflow WRITE 1
Crash Address: 0x60d0000001a0
Crash State:
  FPDFAPI_inflate_fast
  FPDFAPI_inflate
  PixarLogDecode
Recommended Security Severity: High
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=400757:400887
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=427848:428120
Minimized Testcase (1.69 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95c0c2Oj9JJXFGSmIsh6ULJUdo_zCoLL1Jzli8DLjg4GwDFZyXVFM7uVcPc9A8lyT1U59An0Pk_xkkOXYi3hjsIXvHqJfE848csLgbYc9xmv1H9s9AioUZggldxa-cSOlDlMHITwwvQreqT_E-vYxNVOc9Dtg?testcase_id=4528622608318464
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Oct 28 2016
ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Oct 28 2016
Oct 30 2016
Oct 31 2016
Your change meets the bar and is auto-approved for M55 (branch: 2883)
Oct 31 2016
This is an XFA bug which is not enabled in any branch of Chrome. There is nothing to merge.
Oct 31 2016
**** Bulk edit - please ignore if not applicable **** Please merge your change to M55 branch 2883 today before 5:00 PM PT or latest by tomorrow, Tuesday (11/01/16) 4:00 PM PT so we can take it for this week Beta release.
Oct 31 2016
Removing "Merge-Approved-55" label based on comment #11.
Nov 7 2016
Feb 3 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by mmoroz@chromium.org, Oct 12 2016
Components: Internals>Plugins>PDF
Labels: Pri-1
Owner: dsinclair@chromium.org
Status: Available (was: Untriaged)