Bad-cast to CPDF_Object from invalid vptr;CPDF_Creator::InitNewObjNumOffsets;CPDF_Creator::WriteDoc_Stage1
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6673251834265600

Fuzzer: ifratric_acrojs
Job Type: linux_ubsan_vptr_chrome
Platform Id: linux

Crash Type: Bad-cast
Crash Address: 0x0890da4ca7b0
Crash State:
  Bad-cast to CPDF_Object from invalid vptr
  CPDF_Creator::InitNewObjNumOffsets
  CPDF_Creator::WriteDoc_Stage1

Recommended Security Severity: High

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_vptr_chrome&range=429962:430084

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv96JXI1t6Zvbiz1-2qkqKgx3jm5tIfXu0UXW_2MtiTTbiSD6-WAbDUasYa4nEf30jnPZd887y8ri73IKItjcpEmM53L2d7Pbmkzk5R25iDoK37AAJQrGZ6A4ctPQkev0v84MuY0wj7cUQQ0-QMWGesV1id4aKNuoyezPPHKdEfnku_o0Kuw?testcase_id=6673251834265600

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Nov 11 2016
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Nov 11 2016
This is likely my change at https://pdfium.googlesource.com/pdfium/+/33fdebc3da676bff84d0fd0f69b9087c0c12dfeb
Nov 12 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/34a993902e8f5ca304ab9bf6de469c13dd6a0efc

commit 34a993902e8f5ca304ab9bf6de469c13dd6a0efc
Author: pdfium-deps-roller <pdfium-deps-roller@chromium.org>
Date: Sat Nov 12 03:42:49 2016

Roll src/third_party/pdfium/ c40697b24..27e66753c (4 commits).

https://pdfium.googlesource.com/pdfium.git/+log/c40697b24550..27e66753c8bd

$ git log c40697b24..27e66753c --date=short --no-merges --format='%ad %ae %s'
2016-11-11 dsinclair IFWL cleanup in the Combo classes
2016-11-11 tsepez Fix unique ptrs in fpdfppo.cpp
2016-11-11 tsepez Add fpdfppo_embeddertest.cpp.
2016-11-11 npm Remove IFGAS_FontMgr and clean up (the renamed) CFGAS_FontMgr a little.

BUG= 664284

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, see:
http://www.chromium.org/developers/tree-sheriffs/sheriff-details-chromium#TOC-Failures-due-to-DEPS-rolls

TBR=dsinclair@chromium.org

Review-Url: https://codereview.chromium.org/2492423002
Cr-Commit-Position: refs/heads/master@{#431761}

[modify] https://crrev.com/34a993902e8f5ca304ab9bf6de469c13dd6a0efc/DEPS
Nov 12 2016
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Nov 13 2016
ClusterFuzz has detected this issue as fixed in range 431691:431772.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6673251834265600

Fuzzer: ifratric_acrojs
Job Type: linux_ubsan_vptr_chrome
Platform Id: linux

Crash Type: Bad-cast
Crash Address: 0x0890da4ca7b0
Crash State:
  Bad-cast to CPDF_Object from invalid vptr
  CPDF_Creator::InitNewObjNumOffsets
  CPDF_Creator::WriteDoc_Stage1

Recommended Security Severity: High

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_vptr_chrome&range=429962:430084
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_ubsan_vptr_chrome&range=431691:431772

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv96JXI1t6Zvbiz1-2qkqKgx3jm5tIfXu0UXW_2MtiTTbiSD6-WAbDUasYa4nEf30jnPZd887y8ri73IKItjcpEmM53L2d7Pbmkzk5R25iDoK37AAJQrGZ6A4ctPQkev0v84MuY0wj7cUQQ0-QMWGesV1id4aKNuoyezPPHKdEfnku_o0Kuw?testcase_id=6673251834265600

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Nov 13 2016
ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Feb 19 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by rickyz@chromium.org, Nov 11 2016
Owner: dsinclair@chromium.org
Status: Assigned (was: Untriaged)