
Issue 656145 link

Issue metadata

Status: Fixed
Owner:
Closed: Oct 2016
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 1
Type: Bug
Crash in CPDF_StreamContentParser::Handle_ExecuteXObject

Project Member Reported by ClusterFuzz, Oct 14 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5378629620203520

Fuzzer: attekett_surku_fuzzer
Job Type: windows_syzyasan_chrome
Platform Id: windows

Crash Type: UNKNOWN
Crash Address: 0x00000047
Crash State:
  CPDF_StreamContentParser::Handle_ExecuteXObject
  CPDF_StreamContentParser::OnOperator
  CPDF_StreamContentParser::Parse
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_syzyasan_chrome&range=425240:425278

Minimized Testcase (244.28 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95G2E-wKiFJybCP1tLh95gxRrLX_4KzubZmT6zKscCOJzsFGHZTZbJve4mak4XQwNdskhZIZ6Z1Pc7VS3idGAJy6Ni6Ix_rnixCIkvKS5hiRZ3Q2uUohWjfx4sE2-OtlqLtbPfn8q-6Z_3IrzuMJZDVL0-cYOQSVsEGALDbyAKfwLRyvac?testcase_id=5378629620203520

Issue manually filed by: mummareddy

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Components: Internals>Plugins>PDF
Labels: M-56 Te-Logged
Owner: tsepez@chromium.org
Status: Assigned (was: Untriaged)
Author: tsepez
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/271d9c0a85b50208baa8789ba6b245956317f719
Time: Thu Oct 13 11:29:04 2016 -0700
The CL last changed line 674 of file cpdf_streamcontentparser.cpp, which is stack frame 0.

Author: tsepez
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/271d9c0a85b50208baa8789ba6b245956317f719
Time: Thu Oct 13 11:29:04 2016 -0700
The CL last changed line 484 of file cpdf_streamcontentparser.cpp, which is stack frame 1.

Author: tsepez
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/271d9c0a85b50208baa8789ba6b245956317f719
Time: Thu Oct 13 11:29:04 2016 -0700
The CL last changed line 1461 of file cpdf_streamcontentparser.cpp, which is stack frame 2.

File cpdf_streamcontentparser.cpp is not accessible, so as per the findit result I am assigning this to tsepez@. Could you please take a look and help us find the correct owner if it is not related to your changes?

Comment 2 by tsepez@chromium.org, Oct 17 2016

Status: Fixed (was: Assigned)
Reverted in d5bd8a1.

Comment 3 by tsepez@chromium.org, Oct 17 2016

Status: Assigned (was: Fixed)
Hmmm.  This is separate from the above commit.  Re-investigating.

Comment 4 by tsepez@chromium.org, Oct 17 2016

This would be 4e4d1a662b, I think.

Comment 5 by tsepez@chromium.org, Oct 17 2016

err, d66f9d0b1 rather.  See https://codereview.chromium.org/2416733002
Comment 6 by bugdroid1@chromium.org (Project Member), Oct 18 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/07e02fdfc0f1cc746abebe68d40f730ed73fca9d

commit 07e02fdfc0f1cc746abebe68d40f730ed73fca9d
Author: pdfium-deps-roller <pdfium-deps-roller@chromium.org>
Date: Tue Oct 18 02:22:54 2016

Roll src/third_party/pdfium/ 11e966a2d..c11287728 (1 commit).

https://pdfium.googlesource.com/pdfium.git/+log/11e966a2dd93..c11287728d15

$ git log 11e966a2d..c11287728 --date=short --no-merges --format='%ad %ae %s'
2016-10-17 tsepez Fix segv in AddImage()

BUG= 656145 

TBR=dsinclair@chromium.org

Review-Url: https://codereview.chromium.org/2431453002
Cr-Commit-Position: refs/heads/master@{#425860}

[modify] https://crrev.com/07e02fdfc0f1cc746abebe68d40f730ed73fca9d/DEPS

Comment 7 by tsepez@chromium.org, Oct 18 2016

Status: Fixed (was: Assigned)
Comment 8 by sheriffbot@chromium.org (Project Member), Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot