Security: a double free crash in pdfium
Reported by
seuk...@gmail.com,
Oct 13 2016
Issue description

VULNERABILITY DETAILS
Found a double free crash in pdfium when decoding jp2000.

VERSION
Chrome not supported. Only pdfium affected.

REPRODUCTION CASE
./pdfium_test SIGABRT.PC.7ffff6a73c37.STACK.144f4bff97.CODE.-6.ADDR.(nil).INSTR.cmp____$0xfffffffffffff000,%rax.fuzz

FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION
Type of crash: pdfium_test
Crash State:
**************************************************************
Rendering PDF file /home/fuzzing/SIGABRT.PC.7ffff6a73c37.STACK.144f4bff97.CODE.-6.ADDR.(nil).INSTR.cmp____$0xfffffffffffff000,%rax.fuzz.
*** Error in `/home/kimyok/pdfium/pdfium_test': double free or corruption (out): 0x0000000003059540 ***
Aborted (core dumped)
==============================================================
STACK:
<0x00007ffff6a77028> [[UNKNOWN]():0]
<0x00000000004e2506> [_ZN11__sanitizer5AbortEv():0]
<0x00000000004dd795> [_ZN11__sanitizer3DieEv():0]
<0x00000000004c8a17> [_ZN6__asan19ScopedInErrorReportD2Ev():0]
<0x00000000004c8390> [_ZN6__asan18ReportGenericErrorEmmmmbmjb():0]
<0x00000000004c913e> [__asan_report_store4():0]
<0x000000000062fa87> [opj_dwt_interleave_v():273]
<0x0000000000626d92> [opj_dwt_decode_tile():614]
<0x0000000000625fc2> [opj_dwt_decode():482]
<0x00000000006fd1af> [opj_tcd_dwt_decode():1630]
<0x00000000006fca1a> [opj_tcd_decode_tile():1317]
<0x000000000064d67c> [opj_j2k_decode_tile():8069]
<0x000000000067b595> [opj_j2k_decode_tiles():9610]
<0x000000000064417e> [opj_j2k_exec():7290]
<0x000000000065726f> [opj_j2k_decode():9810]
<0x000000000068f77f> [opj_jp2_decode():1488]
<0x00000000006ac437> [opj_decode():412]
<0x000000000294cbcf> [_ZN12CJPX_Decoder4InitEPKhj():764]
<0x0000000002950714> [CreateDecoder():887]
<0x00000000026dda7a> [LoadJpxBitmap():634]
<0x00000000026d29ea> [CreateDecoder():594]
<0x00000000026d8773> [StartLoadDIBSource():311]
<0x00000000026ad139> [_ZN20CPDF_ImageCacheEntry20StartGetCachedBitmapEP15CPDF_DictionaryS1_ijiP17CPDF_RenderStatusii():280]
<0x00000000026acb15> [StartGetCachedBitmap():131]
<0x00000000026ec3c9> [_ZN22CPDF_ImageLoaderHandle5StartEP16CPDF_ImageLoaderPK16CPDF_ImageObjectP20CPDF_PageRenderCacheijiP17CPDF_RenderStatusii():1502]
<0x00000000026ed54a> [_ZN16CPDF_ImageLoader5StartEPK16CPDF_ImageObjectP20CPDF_PageRenderCacheRP22CPDF_ImageLoaderHandleijiP17CPDF_RenderStatusii():1563]
<0x00000000026bc694> [_ZN18CPDF_ImageRenderer18StartLoadDIBSourceEv():364]
<0x00000000026b4bc1> [_ZN18CPDF_ImageRenderer5StartEP17CPDF_RenderStatusPK15CPDF_PageObjectPK10CFX_Matrixii():509]
<0x000000000268f2f4> [ContinueSingleObject():284]
<0x000000000269b7ab> [Continue():1026]
<0x0000000002699ecb> [_ZN24CPDF_ProgressiveRenderer5StartEP9IFX_Pause():988]
<0x000000000244aa16> [_Z22FPDF_RenderPage_RetailP14CRenderContextPviiiiiiiP19IFSDK_PAUSE_Adapter():886]
<0x0000000002449821> [FPDF_RenderPageBitmap():621]
<0x00000000005062bc> [RenderPage():552]
<0x0000000000508b2d> [_Z9RenderPdfRKNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEEPKcmRK7OptionsS7_():736]
<0x000000000050b51e> [main():879]
<0x00007ffff6a5ef45> [[UNKNOWN]():0]
<0x0000000000423035> [_start():0]
<0x0000000000000000> [[UNKNOWN]():0]
=====================================================================
Oct 13 2016
Cannot reproduce with the latest version.
Oct 22 2016
ClusterFuzz is analyzing your testcase. Developers can follow the progress at https://cluster-fuzz.appspot.com/testcase?key=5407356042346496
Oct 22 2016
Yep, definitely seems unreproducible in any recent versions.
Comment 1 by seuk...@gmail.com, Oct 13 2016