c1 == FXSYS_round(c * 255)
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4950998352396288
Fuzzer: libfuzzer_pdfium_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux
Crash Type: ASSERT
Crash Address:
Crash State:
  c1 == FXSYS_round(c * 255)
  AdobeCMYK_to_sRGB
  CPDF_DeviceCS::GetRGB

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=402692:402822

Minimized Testcase (0.43 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv97tIolsHY7ldaC_fjikrNKCtQbBkYySn_e7tSNfpp9gvd6c0L1JYd5Q9mUV0kMlwsQUDAmZAPYj6GO0Tfh7Urh32Zad4rIyxjbrVmxTNTiNJai6mHCFQX647ScZWG0A_wCJ2QZTDXi_MjwSgy4uMcevoa44Iw?testcase_id=4950998352396288

Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Oct 26 2016
This is being investigated under this bug: https://bugs.chromium.org/p/pdfium/issues/detail?id=624 I don't think I can close this bug as a duplicate of that bug because they are in different projects. So, I'm inclined to leave this one open for now in order to represent the Chromium side of the issue. Note that while this should be addressed it is not actually a critical assert.
Nov 7 2016
This is fixed. The following revision should have referred to this bug but I forgot to link it: https://pdfium.googlesource.com/pdfium.git/+/fcb1728c35f97a67fa0297f12bb13d3cafb01fe1

commit fcb1728c35f97a67fa0297f12bb13d3cafb01fe1
Author: brucedawson <brucedawson@chromium.org>
Date: Tue Nov 01 18:22:25 2016

Fix rounding difference in pdfium_test on AdobeCMYK_to_sRGB

An optimization to speed up float-to-int rounding caused a different result for one input value. This tweaks the conversion constant so that the results are identical across the entire valid range, and adds a test that checks the part of the range that is most sensitive to errors.

BUG=pdfium:624
Review-Url: https://codereview.chromium.org/2466203002

[modify] https://crrev.com/fcb1728c35f97a67fa0297f12bb13d3cafb01fe1/core/fxcodec/codec/fx_codec_icc.cpp
[modify] https://crrev.com/fcb1728c35f97a67fa0297f12bb13d3cafb01fe1/core/fxcodec/codec/fx_codec_jpx_unittest.cpp
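The commit above describes a fast float-to-int conversion that diverged from FXSYS_round for a single input, and a test that sweeps the sensitive part of the range. The block below is an added example, not pdfium's code: the bias constant, the function names and the sweep bounds are assumptions chosen to reproduce the same class of mismatch.

```cpp
// Added example, not pdfium's code: it models the bug class in the commit
// above. A fast float-to-int conversion (multiply, add a bias, truncate) can
// disagree with round-to-nearest for an isolated input, so the check is to
// sweep every float in the sensitive range rather than sample it.
#include <cmath>
#include <cstdio>
#include <vector>

// Reference conversion, modelled on FXSYS_round(c * 255): round to nearest.
int ReferenceToByte(float c) {
  return static_cast<int>(std::lround(c * 255.0f));
}

// Fast conversion of the shape used to avoid a library round() call. The bias
// is a parameter because the page does not give pdfium's actual constants.
int FastToByte(float c, float bias) {
  return static_cast<int>(c * 255.0f + bias);
}

// Visit every float in [start, end] by stepping the representation with
// nextafter, and return the inputs where the two conversions disagree.
std::vector<float> FindMismatches(float start, float end, float bias) {
  std::vector<float> bad;
  for (float f = start; f <= end; f = std::nextafter(f, 1.0f)) {
    if (FastToByte(f, bias) != ReferenceToByte(f))
      bad.push_back(f);
  }
  return bad;
}

int main() {
  // 0.001..0.003 contains c = 65793 * 2^-25, whose product with 255 is the
  // largest float below 0.5; adding 0.5f ties and rounds the sum up to 1.0f,
  // so truncation gives 1 while round-to-nearest gives 0.
  std::vector<float> bad = FindMismatches(0.001f, 0.003f, 0.5f);
  for (float f : bad) {
    std::printf("c=%.9g fast=%d reference=%d\n", f, FastToByte(f, 0.5f),
                ReferenceToByte(f));
  }
  std::printf("%zu mismatch(es) in [0.001, 0.003]\n", bad.size());
  return 0;
}
```

Stepping with nextafter visits every representable input, which is what makes the sweep a proof for that range rather than a spot check.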
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Mar 8 2017
ClusterFuzz has detected this issue as fixed in range 455091:455226.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4950998352396288
Fuzzer: libfuzzer_pdfium_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux
Crash Type: ASSERT
Crash Address:
Crash State:
  c1 == FXSYS_round(c * 255)
  AdobeCMYK_to_sRGB
  CPDF_DeviceCS::GetRGB
Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=402692:402822
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=455091:455226

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94kiox0g0cftzidtlQp0L3pnuZ-uu8_rI-jxR-W2olNazVNkiNrKJlKHImr12IThJrWpYKz2lAuJIHSyBK840In8yVN2sTwg6_aPzzOrwKJp7k7T_DbH6wOMfIQ-J8u_I1D5NYkwAo9rLFgdaZJbMWiBYspG8llR49b3eaVVXi-gaMsn8CU9A6oVXMWIg3Om9noYCH27nIFoG3qm6hMfGfakb3P7vZHNYOe8MxCWuyLnv-3r_Dsu2iNzUBvBw4PVAGbU3ZUlbSZ5xPcE6gElQRhN7_xGT6RrrMb_QOW18XQvgJgikZVFqwyxegxMcaXi7wXQ4cbyKVRRNYPeU6kHo6C7QDiFgzT4NUNwbMODQcWcQDVIz8?testcase_id=4950998352396288

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Nov 27 2017
ClusterFuzz testcase 5950095163129856 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by mmohammad@chromium.org, Oct 26 2016. Status: Assigned (was: Untriaged)