
Issue 657410


Issue metadata

Status: WontFix
Owner:
Closed: Dec 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug




Direct-leak in FPDFAPI_inflateInit2_

Reported by ClusterFuzz (Project Member), Oct 19 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5133919060230144

Fuzzer: libfuzzer_radamsa_pdf_codec_tiff_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Direct-leak
Crash Address: 
Crash State:
  FPDFAPI_inflateInit2_
  PixarLogSetupDecode
  PredictorSetupDecode
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=423381:423433

Minimized Testcase (2.42 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94wVKNvWnIxsYyGWcIQM75BW92TWqH3iD8xNYfIVEax3snNJorjKB2HFGq8V3LpkK9DANEFU88kLrdMMDuJBx0UFMbRvTsAxiVH_YzMpMKmSM96Rsez_1EwdnXxv11QhPe9iAVGs1JsDShs28jVsgh58UZP5w?testcase_id=5133919060230144

Issue manually filed by: ajha

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
 

Comment 1 by ajha@chromium.org, Oct 19 2016

Cc: thestig@chromium.org
Components: Internals>Plugins>PDF
Labels: M-56 Te-Logged
Owner: hong_zh...@foxitsoftware.com
Status: Assigned (was: Untriaged)
Suspected CLs

Git blame below is NOT necessarily who introduced the crash nor the owner for it. Please check the code before assigning to anyone. (No CL in the regression range changed the crashing files.)

Author: John Abd-El-Malek
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/5110c4743751145c4ae1934cd1d83bc6c55bb43f
Time: Sat May 17 22:33:34 2014 -0700
The CL last changed line 209 of file inflate.c, which is stack frame 1.

Author: Bo Xu
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/fdc00a7042d912aafaabddae4d9c84199921ef23
Time: Tue Oct 28 23:03:33 2014 -0700
The CL last changed line 704 of file tif_pixarlog.c, which is stack frame 2.

Author: Bo Xu
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/fdc00a7042d912aafaabddae4d9c84199921ef23
Time: Tue Oct 28 23:03:33 2014 -0700
The CL last changed line 111 of file tif_predict.c, which is stack frame 3.

Author: Bo Xu
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/fdc00a7042d912aafaabddae4d9c84199921ef23
Time: Tue Oct 28 23:03:33 2014 -0700
The CL last changed line 1001 of file tif_read.c, which is stack frame 4.

Author: Bo Xu
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/fdc00a7042d912aafaabddae4d9c84199921ef23
Time: Tue Oct 28 23:03:33 2014 -0700
The CL last changed line 668 of file tif_read.c, which is stack frame 5.

Author: Lei Zhang
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/9c2c87d1c7443b4eeb3e439af7dc34f695bbd2c8
Time: Thu Jan 07 15:52:44 2016 -0800
The CL last changed line 803 of file tif_getimage.c, which is stack frame 6.

Author: Bo Xu
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/fdc00a7042d912aafaabddae4d9c84199921ef23
Time: Tue Oct 28 23:03:33 2014 -0700
The CL last changed line 519 of file tif_getimage.c, which is stack frame 7.

Suspected Project: chromium-pdfium

hong_zhang@: Could you please take a look at this report for the similar assignment in Issue 628553.


Comment 2 Deleted

@ajha Yes I will.

Comment 4 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 5 by ClusterFuzz, Dec 22 2016

Status: WontFix (was: Assigned)
ClusterFuzz testcase 5133919060230144 is flaky and no longer reproduces, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
