Integer-overflow in pp::Size::Enlarge |
||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=6326951657865216 Fuzzer: tokenfuzz_pdf_curated Job Type: linux_ubsan_chrome Platform Id: linux Crash Type: Integer-overflow Crash Address: Crash State: pp::Size::Enlarge chrome_pdf::PDFiumEngine::LoadPageInfo chrome_pdf::PDFiumEngine::ContinueLoadingDocument Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_chrome&range=370022:370027 Minimized Testcase (3015.00 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94a0Pfar0EhnHew8GZ3dptxBpXbXi0NHB3uoxwb2vWIzpLdi0GjRyw5dm7Uh2kQMIrM-PFZMy5F39PZ9rR7wyR8RJV4mpaIBOalJ3-lcBrjso0YhSt61QuEzjLdsYPvXpPFNn05v0Sg-6Xb89YrTsNM8o0U0bhtAv2_MxIsws4z_zWpRgw?testcase_id=6326951657865216 Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
,
Nov 22 2016
Punting PDF security-ish bugs.
,
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Sep 23 2017
ClusterFuzz testcase 6326951657865216 is flaky and no longer crashes, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue. |
||||
►
Sign in to add a comment |
||||
Comment 1 by mummare...@chromium.org
, Nov 10 2016Labels: Test-Predator-Wrong M-55
Owner: thestig@chromium.org
Status: Assigned (was: Untriaged)