New issue
Advanced search Search tips

Issue 655457 link

Starred by 1 user
Status: WontFix
Owner: ----
Closed: Oct 2016
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug



Sign in to add a comment

Security: a FPE crash in pdfium

Reported by seuk...@gmail.com, Oct 13 2016 
VULNERABILITY DETAILS
Find a FPE crash in pdfium decoding jp2000

VERSION
Chrome not surpport. Only pdfium infected.

REPRODUCTION CASE
./pdfium_test SIGABRT.PC.7ffff6a73c37.STACK.1758042739.CODE.-6.ADDR.(nil).INSTR.cmp____$0xfffffffffffff000,%rax.fuzz

FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION
Type of crash: pdfium_test
Crash State: 
**************************************************************
Rendering PDF file /home/kimyok/fuzzing/SIGABRT.PC.7ffff6a73c37.STACK.1758042739.CODE.-6.ADDR.(nil).INSTR.cmp____$0xfffffffffffff000,%rax.fuzz.
Floating point exception (core dumped)
==============================================================
STACK:
 <0x00007ffff6a77028> [[UNKNOWN]():0]
 <0x00000000004e2506> [_ZN11__sanitizer5AbortEv():0]
 <0x00000000004dd795> [_ZN11__sanitizer3DieEv():0]
 <0x00000000004c8a17> [_ZN6__asan19ScopedInErrorReportD2Ev():0]
 <0x00000000004c5842> [_ZN6__asan18ReportDeadlySignalEPKcRKN11__sanitizer13SignalContextE():0]
 <0x00000000004c3f26> [_ZN6__asan18AsanOnDeadlySignalEiPvS0_():0]
 <0x00007ffff7028330> [[UNKNOWN]():0]
 <0x00000000006c7c98> [opj_pi_next_rpcl():367]
 <0x00000000006c3860> [opj_pi_next():1883]
 <0x00000000006e2b48> [opj_t2_decode_packets():412]
 <0x00000000006fccc0> [opj_tcd_t2_decode():1558]
 <0x00000000006fc9d2> [opj_tcd_decode_tile():1297]
 <0x000000000064d67c> [opj_j2k_decode_tile():8069]
 <0x000000000067b595> [opj_j2k_decode_tiles():9610]
 <0x000000000064417e> [opj_j2k_exec():7290]
 <0x000000000065726f> [opj_j2k_decode():9810]
 <0x000000000068f77f> [opj_jp2_decode():1488]
 <0x00000000006ac437> [opj_decode():412]
 <0x000000000294cbcf> [_ZN12CJPX_Decoder4InitEPKhj():764]
 <0x0000000002950714> [CreateDecoder():887]
 <0x00000000026dda7a> [LoadJpxBitmap():634]
 <0x00000000026d29ea> [CreateDecoder():594]
 <0x00000000026d8773> [StartLoadDIBSource():311]
 <0x00000000026ad139> [_ZN20CPDF_ImageCacheEntry20StartGetCachedBitmapEP15CPDF_DictionaryS1_ijiP17CPDF_RenderStatusii():280]
 <0x00000000026acb15> [StartGetCachedBitmap():131]
 <0x00000000026ec3c9> [_ZN22CPDF_ImageLoaderHandle5StartEP16CPDF_ImageLoaderPK16CPDF_ImageObjectP20CPDF_PageRenderCacheijiP17CPDF_RenderStatusii():1502]
 <0x00000000026ed54a> [_ZN16CPDF_ImageLoader5StartEPK16CPDF_ImageObjectP20CPDF_PageRenderCacheRP22CPDF_ImageLoaderHandleijiP17CPDF_RenderStatusii():1563]
 <0x00000000026bc694> [_ZN18CPDF_ImageRenderer18StartLoadDIBSourceEv():364]
 <0x00000000026b4bc1> [_ZN18CPDF_ImageRenderer5StartEP17CPDF_RenderStatusPK15CPDF_PageObjectPK10CFX_Matrixii():509]
 <0x000000000268f2f4> [ContinueSingleObject():284]
 <0x000000000269b7ab> [Continue():1026]
 <0x0000000002699ecb> [_ZN24CPDF_ProgressiveRenderer5StartEP9IFX_Pause():988]
 <0x000000000244aa16> [_Z22FPDF_RenderPage_RetailP14CRenderContextPviiiiiiiP19IFSDK_PAUSE_Adapter():886]
 <0x0000000002449821> [FPDF_RenderPageBitmap():621]
 <0x00000000005062bc> [RenderPage():552]
 <0x0000000000508b2d> [_Z9RenderPdfRKNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEEPKcmRK7OptionsS7_():736]
 <0x000000000050b51e> [main():879]
 <0x00007ffff6a5ef45> [[UNKNOWN]():0]
 <0x0000000000423035> [_start():0]
 <0x0000000000000000> [[UNKNOWN]():0]
=====================================================================
SIGABRT.PC.7ffff6a73c37.STACK.1758042739.CODE.-6.ADDR.(nil).INSTR.cmp____$0xfffffffffffff000,%rax.fuzz
1.1 KB Download

Comment 1 by mmoroz@chromium.org, Oct 13 2016

Labels: Needs-Feedback
Cannot reproduce.

Comment 2 by mbarbe...@chromium.org, Oct 22 2016

Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Type-Bug
Status: WontFix (was: Unconfirmed)
The same comment I left on  issue 655447  applies here.

Sign in to add a comment