Out of memory error in pdfium
Reported by ehdgks7...@gmail.com, Nov 13 2016
Issue description
VULNERABILITY DETAILS
This issue only affected the 32-bit version of pdfium and Windows.
==3760==ERROR: AddressSanitizer failed to allocate 0x432c000 (70434816) bytes of LargeMmapAllocator (error code: 8)
==3760==AddressSanitizer CHECK failed: E:\b\build\slave\win_upload_clang\build\src\third_party\llvm\projects\compiler-rt\lib\sanitizer_common\sanitizer_common.cc:120 "((0 && "unable to mmap")) != (0)" (0x0, 0x0)
==3760==WARNING: Failed to use and restart external symbolizer!
#0 0x46f63d9 in __asan::AsanCheckFailed e:\b\build\slave\win_upload_clang\build\src\third_party\llvm\projects\compiler-rt\lib\asan\asan_rtl.cc:68
#1 0x46fce53 in __sanitizer::CheckFailed e:\b\build\slave\win_upload_clang\build\src\third_party\llvm\projects\compiler-rt\lib\sanitizer_common\sanitizer_termination.cc:79
#2 0x470a4ea in __sanitizer::ReportMmapFailureAndDie e:\b\build\slave\win_upload_clang\build\src\third_party\llvm\projects\compiler-rt\lib\sanitizer_common\sanitizer_common.cc:120
#3 0x46fe6b4 in __sanitizer::MmapOrDie e:\b\build\slave\win_upload_clang\build\src\third_party\llvm\projects\compiler-rt\lib\sanitizer_common\sanitizer_win.cc:93
#4 0x47017ee in __sanitizer::LargeMmapAllocator<__asan::AsanMapUnmapCallback>::Allocate e:\b\build\slave\win_upload_clang\build\src\third_party\llvm\projects\compiler-rt\lib\sanitizer_common\sanitizer_allocator_secondary.h:41
#5 0x47016fc in __sanitizer::CombinedAllocator<__sanitizer::SizeClassAllocator32<0,4294967296,16,__sanitizer::SizeClassMap<3,4,8,17,64,14>,20,__sanitizer::FlatByteMap<4096>,__asan::AsanMapUnmapCallback>,__sanitizer::SizeClassAllocatorLocalCache<__sanitizer::SizeClassAllocator32<0,4294967296,16,__sanitizer::SizeClassMap<3,4,8,17,64,14>,20,__sanitizer::FlatByteMap<4096>,__asan::AsanMapUnmapCallback> >,__sanitizer::LargeMmapAllocator<__asan::AsanMapUnmapCallback> >::Allocate e:\b\build\slave\win_upload_clang\build\src\third_party\llvm\projects\compiler-rt\lib\sanitizer_common\sanitizer_allocator_combined.h:58
#6 0x4701c37 in __asan::Allocator::Allocate e:\b\build\slave\win_upload_clang\build\src\third_party\llvm\projects\compiler-rt\lib\asan\asan_allocator.cc:401
#7 0x47049f8 in __asan::asan_malloc e:\b\build\slave\win_upload_clang\build\src\third_party\llvm\projects\compiler-rt\lib\asan\asan_allocator.cc:778
#8 0x46fa58c in malloc e:\b\build\slave\win_upload_clang\build\src\third_party\llvm\projects\compiler-rt\lib\asan\asan_malloc_win.cc:66
#9 0x3f1653b in opj_alloc_tile_component_data C:\b\c\b\win_asan_release\src\third_party\pdfium\third_party\libopenjpeg20\tcd.c:629
#10 0x3f19f97 in opj_tcd_init_decode_tile C:\b\c\b\win_asan_release\src\third_party\pdfium\third_party\libopenjpeg20\tcd.c:1070
#11 0x3ee917e in opj_j2k_read_tile_header C:\b\c\b\win_asan_release\src\third_party\pdfium\third_party\libopenjpeg20\j2k.c:8020
#12 0x3f00b88 in opj_j2k_decode_tiles C:\b\c\b\win_asan_release\src\third_party\pdfium\third_party\libopenjpeg20\j2k.c:9586
#13 0x3ee6032 in opj_j2k_exec C:\b\c\b\win_asan_release\src\third_party\pdfium\third_party\libopenjpeg20\j2k.c:7290
#14 0x3eef6a8 in opj_j2k_decode C:\b\c\b\win_asan_release\src\third_party\pdfium\third_party\libopenjpeg20\j2k.c:9814
#15 0x3f08f7e in opj_jp2_decode C:\b\c\b\win_asan_release\src\third_party\pdfium\third_party\libopenjpeg20\jp2.c:1502
#16 0x3edb820 in opj_decode C:\b\c\b\win_asan_release\src\third_party\pdfium\third_party\libopenjpeg20\openjpeg.c:412
#17 0x3e314b9 in CJPX_Decoder::Init C:\b\c\b\win_asan_release\src\third_party\pdfium\core\fxcodec\codec\fx_codec_jpx_opj.cpp:773
#18 0x3e3322a in CCodec_JpxModule::CreateDecoder C:\b\c\b\win_asan_release\src\third_party\pdfium\core\fxcodec\codec\fx_codec_jpx_opj.cpp:899
#19 0x3d4daa1 in CPDF_DIBSource::LoadJpxBitmap C:\b\c\b\win_asan_release\src\third_party\pdfium\core\fpdfapi\render\fpdf_render_loadimage.cpp:626
#20 0x3d47d13 in CPDF_DIBSource::CreateDecoder C:\b\c\b\win_asan_release\src\third_party\pdfium\core\fpdfapi\render\fpdf_render_loadimage.cpp:585
#21 0x3d4b08d in CPDF_DIBSource::StartLoadDIBSource C:\b\c\b\win_asan_release\src\third_party\pdfium\core\fpdfapi\render\fpdf_render_loadimage.cpp:305
#22 0x3cd7f67 in CPDF_ImageCacheEntry::StartGetCachedBitmap C:\b\c\b\win_asan_release\src\third_party\pdfium\core\fpdfapi\render\fpdf_render_cache.cpp:281
#23 0x3cd7988 in CPDF_PageRenderCache::StartGetCachedBitmap C:\b\c\b\win_asan_release\src\third_party\pdfium\core\fpdfapi\render\fpdf_render_cache.cpp:130
#24 0x3d54a77 in CPDF_ImageLoaderHandle::Start C:\b\c\b\win_asan_release\src\third_party\pdfium\core\fpdfapi\render\fpdf_render_loadimage.cpp:1494
#25 0x3d551b5 in CPDF_ImageLoader::Start C:\b\c\b\win_asan_release\src\third_party\pdfium\core\fpdfapi\render\fpdf_render_loadimage.cpp:1545
#26 0x3cef783 in CPDF_ImageRenderer::StartLoadDIBSource C:\b\c\b\win_asan_release\src\third_party\pdfium\core\fpdfapi\render\fpdf_render_image.cpp:381
#27 0x3ceb9c6 in CPDF_ImageRenderer::Start C:\b\c\b\win_asan_release\src\third_party\pdfium\core\fpdfapi\render\fpdf_render_image.cpp:527
#28 0x3c6f4ed in CPDF_RenderStatus::ContinueSingleObject C:\b\c\b\win_asan_release\src\third_party\pdfium\core\fpdfapi\render\fpdf_render.cpp:306
#29 0x3c7611c in CPDF_ProgressiveRenderer::Continue C:\b\c\b\win_asan_release\src\third_party\pdfium\core\fpdfapi\render\fpdf_render.cpp:1045
#30 0x3b1c388 in FPDF_RenderPage_Retail C:\b\c\b\win_asan_release\src\third_party\pdfium\fpdfsdk\fpdfview.cpp:866
#31 0x3b1caaf in FPDF_RenderPageBitmap C:\b\c\b\win_asan_release\src\third_party\pdfium\fpdfsdk\fpdfview.cpp:598
#32 0x13598bd in RenderPage C:\b\c\b\win_asan_release\src\third_party\pdfium\samples\pdfium_test.cc:600
#33 0x135bb1b in RenderPdf C:\b\c\b\win_asan_release\src\third_party\pdfium\samples\pdfium_test.cc:794
#34 0x135cdd2 in main C:\b\c\b\win_asan_release\src\third_party\pdfium\samples\pdfium_test.cc:928
#35 0x47189f8 in __scrt_common_main_seh f:\dd\vctools\crt\vcstartup\src\startup\exe_common.inl:253
#36 0x7634dea3 in BaseThreadInitThunk+0x23 (C:\Windows\system32\KERNEL32.DLL+0x6891dea3)
#37 0x77b205ad in RtlInitializeCriticalSectionAndSpinCount+0x29d (C:\Windows\SYSTEM32\ntdll.dll+0x6a2505ad)
#38 0x77b2057c in RtlInitializeCriticalSectionAndSpinCount+0x26c (C:\Windows\SYSTEM32\ntdll.dll+0x6a25057c)
#9 0x1cb20bab in opj_alloc_tile_component_data C:\b\c\b\win_asan_release\src\third_party\pdfium\third_party\libopenjpeg20\tcd.c:629
#10 0x1cb24607 in opj_tcd_init_decode_tile C:\b\c\b\win_asan_release\src\third_party\pdfium\third_party\libopenjpeg20\tcd.c:1070
#11 0x1caf380e in opj_j2k_read_tile_header C:\b\c\b\win_asan_release\src\third_party\pdfium\third_party\libopenjpeg20\j2k.c:8020
#12 0x1cb0b210 in opj_j2k_decode_tiles C:\b\c\b\win_asan_release\src\third_party\pdfium\third_party\libopenjpeg20\j2k.c:9586
#13 0x1caf06c2 in opj_j2k_exec C:\b\c\b\win_asan_release\src\third_party\pdfium\third_party\libopenjpeg20\j2k.c:7290
#14 0x1caf9d38 in opj_j2k_decode C:\b\c\b\win_asan_release\src\third_party\pdfium\third_party\libopenjpeg20\j2k.c:9814
#15 0x1cb1360e in opj_jp2_decode C:\b\c\b\win_asan_release\src\third_party\pdfium\third_party\libopenjpeg20\jp2.c:1502
#16 0x1cae5ff0 in opj_decode C:\b\c\b\win_asan_release\src\third_party\pdfium\third_party\libopenjpeg20\openjpeg.c:412
#17 0x1ca3af39 in CJPX_Decoder::Init C:\b\c\b\win_asan_release\src\third_party\pdfium\core\fxcodec\codec\fx_codec_jpx_opj.cpp:773
#18 0x1ca3cb7e in CCodec_JpxModule::CreateDecoder C:\b\c\b\win_asan_release\src\third_party\pdfium\core\fxcodec\codec\fx_codec_jpx_opj.cpp:899
#19 0x1c943d21 in CPDF_DIBSource::LoadJpxBitmap C:\b\c\b\win_asan_release\src\third_party\pdfium\core\fpdfapi\render\fpdf_render_loadimage.cpp:626
#20 0x1c93df93 in CPDF_DIBSource::CreateDecoder C:\b\c\b\win_asan_release\src\third_party\pdfium\core\fpdfapi\render\fpdf_render_loadimage.cpp:585
#21 0x1c94130d in CPDF_DIBSource::StartLoadDIBSource C:\b\c\b\win_asan_release\src\third_party\pdfium\core\fpdfapi\render\fpdf_render_loadimage.cpp:305
#22 0x1c8f3117 in CPDF_ImageCacheEntry::StartGetCachedBitmap C:\b\c\b\win_asan_release\src\third_party\pdfium\core\fpdfapi\render\fpdf_render_cache.cpp:281
#23 0x1c8f2b38 in CPDF_PageRenderCache::StartGetCachedBitmap C:\b\c\b\win_asan_release\src\third_party\pdfium\core\fpdfapi\render\fpdf_render_cache.cpp:130
#24 0x1c94ab39 in CPDF_ImageLoaderHandle::Start C:\b\c\b\win_asan_release\src\third_party\pdfium\core\fpdfapi\render\fpdf_render_loadimage.cpp:1494
#25 0x1c94b277 in CPDF_ImageLoader::Start C:\b\c\b\win_asan_release\src\third_party\pdfium\core\fpdfapi\render\fpdf_render_loadimage.cpp:1545
#26 0x1c905dc3 in CPDF_ImageRenderer::StartLoadDIBSource C:\b\c\b\win_asan_release\src\third_party\pdfium\core\fpdfapi\render\fpdf_render_image.cpp:381
#27 0x1c902006 in CPDF_ImageRenderer::Start C:\b\c\b\win_asan_release\src\third_party\pdfium\core\fpdfapi\render\fpdf_render_image.cpp:527
#28 0x1c871843 in CPDF_RenderStatus::ContinueSingleObject C:\b\c\b\win_asan_release\src\third_party\pdfium\core\fpdfapi\render\fpdf_render.cpp:306
#29 0x1c878472 in CPDF_ProgressiveRenderer::Continue C:\b\c\b\win_asan_release\src\third_party\pdfium\core\fpdfapi\render\fpdf_render.cpp:1045
#30 0x1c78a89c in FPDF_RenderPage_Retail C:\b\c\b\win_asan_release\src\third_party\pdfium\fpdfsdk\fpdfview.cpp:866
#31 0x1c78fa44 in FPDF_RenderPageBitmap_Start C:\b\c\b\win_asan_release\src\third_party\pdfium\fpdfsdk\fpdf_progressive.cpp:55
#32 0x145a895b in chrome_pdf::PDFiumEngine::ContinuePaint C:\b\c\b\win_asan_release\src\pdf\pdfium\pdfium_engine.cc:2935
#33 0x145a7bc7 in chrome_pdf::PDFiumEngine::Paint C:\b\c\b\win_asan_release\src\pdf\pdfium\pdfium_engine.cc:1094
#34 0x145de93a in chrome_pdf::OutOfProcessInstance::OnPaint C:\b\c\b\win_asan_release\src\pdf\out_of_process_instance.cc:911
#35 0x146052a5 in PaintManager::DoPaint C:\b\c\b\win_asan_release\src\pdf\paint_manager.cc:237
#36 0x14606618 in PaintManager::OnFlushComplete C:\b\c\b\win_asan_release\src\pdf\paint_manager.cc:330
#37 0x14606add in pp::CompletionCallbackFactory<PaintManager,pp::ThreadSafeThreadTraits>::CallbackData<pp::CompletionCallbackFactory<PaintManager,pp::ThreadSafeThreadTraits>::Dispatcher0<void (PaintManager::*)(int) __attribute__((thiscall))> >::Thunk C:\b\c\b\win_asan_release\src\ppapi\utility\completion_callback_factory.h:584
#38 0x17ab64ee in ppapi::TrackedCallback::Run C:\b\c\b\win_asan_release\src\ppapi\shared_impl\tracked_callback.cc:136
#39 0x17a0ea07 in ppapi::proxy::Graphics2DResource::OnPluginMsgFlushACK C:\b\c\b\win_asan_release\src\ppapi\proxy\graphics_2d_resource.cc:159
#40 0x1bcf6bea in base::internal::Invoker<base::internal::BindState<void (extensions::(anonymous namespace)::NodeIDWrapper::*)(const v8::FunctionCallbackInfo<v8::Value> &) __attribute__((thiscall)),scoped_refptr<extensions::(anonymous namespace)::NodeIDWrapper> >,void (const v8::FunctionCallbackInfo<v8::Value> &)>::Run C:\b\c\b\win_asan_release\src\base\bind_internal.h:340
#41 0x179e44e3 in ppapi::proxy::PluginResourceCallback<IPC::MessageT<PpapiPluginMsg_FileRef_DeleteReply_Meta>,base::Callback<void (const ppapi::proxy::ResourceMessageReplyParams &),base::internal::CopyMode::Copyable,base::internal::RepeatMode::Repeating> >::Run C:\b\c\b\win_asan_release\src\ppapi\proxy\plugin_resource_callback.h:40
#42 0x17911cf8 in ppapi::proxy::PluginResource::OnReplyReceived C:\b\c\b\win_asan_release\src\ppapi\proxy\plugin_resource.cc:54
#43 0x1790b7bc in ppapi::proxy::PluginMessageFilter::DispatchResourceReply C:\b\c\b\win_asan_release\src\ppapi\proxy\plugin_message_filter.cc:116
ERROR: Failed to mmap
VERSION
Chrome Version: 54.0.2840.99 stable,
56.0.2916.0 (asan-win32-release-431431)
Operating System: Windows 10 Home x86
REPRODUCTION CASE
1. Drag and drop (or use URI) poc.pdf to Chrome.
2. After loading, resize the Chrome browser (expand or reduce).
3. Crash!
Nov 14 2016
In Chrome 54.0.2840.99 stable, the windbg message looks like:
eax=001ec954 ebx=66997248 ecx=648c3d6c edx=00000016 esi=e0000008 edi=04329c40
eip=7595b760 esp=001ec954 ebp=001ec9a4 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
KERNELBASE!RaiseException+0x58:
7595b760 c9 leave
00 001ec9a4 65140210 e0000008 00000001 00000000 KERNELBASE!RaiseException+0x54
01 001ec9bc 64a7a602 04329c40 00000000 5d6dfd84 chrome_child!base::`anonymous namespace'::OnNoMemory+0x13 [c:\b\build\slave\win-pgo\build\src\base\process\memory_win.cc @ 41]
02 (Inline) -------- -------- -------- -------- chrome_child!base::allocator::WinCallNewHandler+0x10 [c:\b\build\slave\win-pgo\build\src\base\allocator\winheap_stubs_win.cc @ 66]
03 (Inline) -------- -------- -------- -------- chrome_child!?A0xd5497dd1::CallNewHandler+0x10 [c:\b\build\slave\win-pgo\build\src\base\allocator\allocator_shim.cc @ 65]
04 001ecaac 65c682a3 42c00870 001ecb10 001ecb00 chrome_child!ShimMalloc+0x919542 [c:\b\build\slave\win-pgo\build\src\base\allocator\allocator_shim.cc @ 178]
05 001ecb14 65c6537b 42c00870 42c00700 42c0078c chrome_child!opj_j2k_decode_tiles+0x138 [c:\b\build\slave\win-pgo\build\src\third_party\pdfium\third_party\libopenjpeg20\j2k.c @ 9586]
06 001ecb3c 65c67d15 42c00700 42c0078c 42c0078c chrome_child!opj_jp2_exec+0x28 [c:\b\build\slave\win-pgo\build\src\third_party\pdfium\third_party\libopenjpeg20\jp2.c @ 2247]
07 001ecb5c 65c64fdc 42c00870 42c00700 5d6dff08 chrome_child!opj_j2k_decode+0x7e [c:\b\build\slave\win-pgo\build\src\third_party\pdfium\third_party\libopenjpeg20\j2k.c @ 9814]
08 001ecb7c 65c64241 42c007d0 42c00700 5d6dff08 chrome_child!opj_jp2_decode+0x24 [c:\b\build\slave\win-pgo\build\src\third_party\pdfium\third_party\libopenjpeg20\jp2.c @ 1488]
09 001ecb94 65c3db87 5d6dff08 00000000 42c00f38 chrome_child!opj_decode+0x1f [c:\b\build\slave\win-pgo\build\src\third_party\pdfium\third_party\libopenjpeg20\openjpeg.c @ 412]
0a 001eec00 65c3d6df 00863d08 00004e2e 00830490 chrome_child!CJPX_Decoder::Init+0x16e [c:\b\build\slave\win-pgo\build\src\third_party\pdfium\core\fxcodec\codec\fx_codec_jpx_opj.cpp @ 764]
0b 001eec1c 65c0cc28 00863d08 00004e2e 0082b4f4 chrome_child!CCodec_JpxModule::CreateDecoder+0x2e [c:\b\build\slave\win-pgo\build\src\third_party\pdfium\core\fxcodec\codec\fx_codec_jpx_opj.cpp @ 887]
0c 001eec68 65c0b2be 42c00eb8 007f2f38 42c00e90 chrome_child!CPDF_DIBSource::LoadJpxBitmap+0x57 [c:\b\build\slave\win-pgo\build\src\third_party\pdfium\core\fpdfapi\fpdf_render\fpdf_render_loadimage.cpp @ 626]
0d 001eeca0 65c0d46a 42c00e68 43bd0408 48ed0d18 chrome_child!CPDF_DIBSource::CreateDecoder+0x23e [c:\b\build\slave\win-pgo\build\src\third_party\pdfium\core\fpdfapi\fpdf_render\fpdf_render_loadimage.cpp @ 586]
0e 001eecc8 65c0326a 4f1a03b0 43bd0c68 00000001 chrome_child!CPDF_DIBSource::StartLoadDIBSource+0x175 [c:\b\build\slave\win-pgo\build\src\third_party\pdfium\core\fpdfapi\fpdf_render\fpdf_render_loadimage.cpp @ 305]
0f 001eecf8 65c03303 00000000 48ed0688 00000000 chrome_child!CPDF_ImageCacheEntry::StartGetCachedBitmap+0x59 [c:\b\build\slave\win-pgo\build\src\third_party\pdfium\core\fpdfapi\fpdf_render\fpdf_render_cache.cpp @ 283]
10 001eed34 65c0d2c3 43bd0c68 00000000 00000000 chrome_child!CPDF_PageRenderCache::StartGetCachedBitmap+0x6e [c:\b\build\slave\win-pgo\build\src\third_party\pdfium\core\fpdfapi\fpdf_render\fpdf_render_cache.cpp @ 130]
11 001eed64 65c0d27a 42c00e2c 43bd0ca0 48ed0d10 chrome_child!CPDF_ImageLoaderHandle::Start+0x42 [c:\b\build\slave\win-pgo\build\src\third_party\pdfium\core\fpdfapi\fpdf_render\fpdf_render_loadimage.cpp @ 1497]
12 001eed9c 65bfe341 43bd0ca0 48ed0d10 42c00e68 chrome_child!CPDF_ImageLoader::Start+0x58 [c:\b\build\slave\win-pgo\build\src\third_party\pdfium\core\fpdfapi\fpdf_render\fpdf_render_loadimage.cpp @ 1547]
13 001eedf8 65bfddbf 42c00288 43bd0ca0 42c00310 chrome_child!CPDF_ImageRenderer::StartLoadDIBSource+0x70 [c:\b\build\slave\win-pgo\build\src\third_party\pdfium\core\fpdfapi\fpdf_render\fpdf_render_image.cpp @ 377]
14 001eee0c 65be1e93 42c00288 43bd0ca0 0082ba9c chrome_child!CPDF_ImageRenderer::Start+0x6e [c:\b\build\slave\win-pgo\build\src\third_party\pdfium\core\fpdfapi\fpdf_render\fpdf_render_image.cpp @ 524]
15 001eee34 65be1d1d 43bd0ca0 0082ba9c 001eef4c chrome_child!CPDF_RenderStatus::ContinueSingleObject+0x8e [c:\b\build\slave\win-pgo\build\src\third_party\pdfium\core\fpdfapi\fpdf_render\fpdf_render.cpp @ 303]
16 001eeebc 65be4126 001eef4c 007f2e80 001eef18 chrome_child!CPDF_ProgressiveRenderer::Continue+0x1cc [c:\b\build\slave\win-pgo\build\src\third_party\pdfium\core\fpdfapi\fpdf_render\fpdf_render.cpp @ 1060]
17 001eeecc 65bbb296 001eef4c 3d900f20 008611b8 chrome_child!CPDF_ProgressiveRenderer::Start+0x22 [c:\b\build\slave\win-pgo\build\src\third_party\pdfium\core\fpdfapi\fpdf_render\fpdf_render.cpp @ 1021]
18 001eef18 65bc20ff 00000003 00000002 000003bb chrome_child!FPDF_RenderPage_Retail+0x214 [c:\b\build\slave\win-pgo\build\src\third_party\pdfium\fpdfsdk\fpdfview.cpp @ 906]
19 001eef5c 65120026 00000003 00000002 000003bb chrome_child!FPDF_RenderPageBitmap_Start+0xba [c:\b\build\slave\win-pgo\build\src\third_party\pdfium\fpdfsdk\fpdf_progressive.cpp @ 57]
1a 001eefb8 65123fa1 0000002e 000003bb 0086b940 chrome_child!chrome_pdf::PDFiumEngine::ContinuePaint+0xec [c:\b\build\slave\win-pgo\build\src\pdf\pdfium\pdfium_engine.cc @ 2763]
1b 001ef050 6512a586 001ef0f4 007f0e70 001ef0c4 chrome_child!chrome_pdf::PDFiumEngine::Paint+0x176 [c:\b\build\slave\win-pgo\build\src\pdf\pdfium\pdfium_engine.cc @ 960]
1c 001ef164 6512f3dc 001ef1e4 001ef1ac 001ef1a0 chrome_child!chrome_pdf::OutOfProcessInstance::OnPaint+0x195 [c:\b\build\slave\win-pgo\build\src\pdf\out_of_process_instance.cc @ 803]
1d 001ef228 6512f7f0 0930ffc8 00000000 001ef248 chrome_child!PaintManager::DoPaint+0x128 [c:\b\build\slave\win-pgo\build\src\pdf\paint_manager.cc @ 215]
1e 001ef238 65b80e33 00000000 001ef280 001ef25c chrome_child!PaintManager::OnManualCallbackComplete+0x25 [c:\b\build\slave\win-pgo\build\src\pdf\paint_manager.cc @ 313]
1f (Inline) -------- -------- -------- -------- chrome_child!pp::CompletionCallbackFactory<plugin::Plugin,pp::ThreadSafeThreadTraits>::Dispatcher0<void (__thiscall plugin::Plugin::*)(int)>::operator()+0xc [c:\b\build\slave\win-pgo\build\src\ppapi\utility\completion_callback_factory.h @ 607]
20 001ef248 654fb765 0930ffc8 00000000 66b546b3 chrome_child!pp::CompletionCallbackFactory<plugin::Plugin,pp::ThreadSafeThreadTraits>::CallbackData<pp::CompletionCallbackFactory<plugin::Plugin,pp::ThreadSafeThreadTraits>::Dispatcher0<void (__thiscall plugin::Plugin::*)(int)> >::Thunk+0x22 [c:\b\build\slave\win-pgo\build\src\ppapi\utility\completion_callback_factory.h @ 586]
21 (Inline) -------- -------- -------- -------- chrome_child!PP_RunCompletionCallback+0xc [c:\b\build\slave\win-pgo\build\src\ppapi\c\pp_completion_callback.h @ 240]
22 001ef25c 654fba59 001ef29c 3d900f8c 00000000 chrome_child!ppapi::CallWhileUnlocked<void,PP_CompletionCallback *,int,PP_CompletionCallback *,int>+0x17 [c:\b\build\slave\win-pgo\build\src\ppapi\shared_impl\proxy_lock.h @ 135]
23 001ef288 654fbbdd 65b80e11 0930ffc8 00000000 chrome_child!ppapi::proxy::`anonymous namespace'::CallbackWrapper+0x70 [c:\b\build\slave\win-pgo\build\src\ppapi\proxy\ppb_core_proxy.cc @ 52]
24 (Inline) -------- -------- -------- -------- chrome_child!base::internal::FunctorTraits<void (__cdecl*)(PP_CompletionCallback,int),void>::Invoke+0x11 [c:\b\build\slave\win-pgo\build\src\base\bind_internal.h @ 164]
25 (Inline) -------- -------- -------- -------- chrome_child!base::internal::InvokeHelper<0,void>::MakeItSo+0x11 [c:\b\build\slave\win-pgo\build\src\base\bind_internal.h @ 283]
26 (Inline) -------- -------- -------- -------- chrome_child!base::internal::Invoker<base::internal::BindState<void (__cdecl*)(PP_CompletionCallback,int),PP_CompletionCallback,int>,void __cdecl(void)>::RunImpl+0x11 [c:\b\build\slave\win-pgo\build\src\base\bind_internal.h @ 346]
27 001ef2a8 654e9ed4 3d900f70 0086bce0 001ef2c8 chrome_child!base::internal::Invoker<base::internal::BindState<void (__cdecl*)(PP_CompletionCallback,int),PP_CompletionCallback,int>,void __cdecl(void)>::Run+0x19 [c:\b\build\slave\win-pgo\build\src\base\bind_internal.h @ 324]
28 (Inline) -------- -------- -------- -------- chrome_child!base::Callback<void __cdecl(void),1>::Run+0x5 [c:\b\build\slave\win-pgo\build\src\base\callback.h @ 388]
29 001ef2b8 65ab4063 0082ba40 00000000 001ef320 chrome_child!ppapi::internal::RunWhileLockedHelper<void __cdecl(void)>::CallWhileLocked+0x1d [c:\b\build\slave\win-pgo\build\src\ppapi\shared_impl\proxy_lock.h @ 199]
2a (Inline) -------- -------- -------- -------- chrome_child!base::internal::FunctorTraits<void (__cdecl*)(std::unique_ptr<base::Callback<void __cdecl(scoped_refptr<media::VideoFrame> const &,base::TimeTicks),1>,std::default_delete<base::Callback<void __cdecl(scoped_refptr<media::VideoFrame> const &,base::TimeTicks),1> > >),void>::Invoke+0x7 [c:\b\build\slave\win-pgo\build\src\base\bind_internal.h @ 164]
2b (Inline) -------- -------- -------- -------- chrome_child!base::internal::InvokeHelper<0,void>::MakeItSo+0xa [c:\b\build\slave\win-pgo\build\src\base\bind_internal.h @ 283]
2c (Inline) -------- -------- -------- -------- chrome_child!base::internal::Invoker<base::internal::BindState<void (__cdecl*)(std::unique_ptr<base::Callback<void __cdecl(scoped_refptr<media::VideoFrame> const &,base::TimeTicks),1>,std::default_delete<base::Callback<void __cdecl(scoped_refptr<media::VideoFrame> const &,base::TimeTicks),1> > >),base::internal::PassedWrapper<std::unique_ptr<base::Callback<void __cdecl(scoped_refptr<media::VideoFrame> const &,base::TimeTicks),1>,std::default_delete<base::Callback<void __cdecl(scoped_refptr<media::VideoFrame> const &,base::TimeTicks),1> > > > >,void __cdecl(void)>::RunImpl+0x25 [c:\b\build\slave\win-pgo\build\src\base\bind_internal.h @ 346]
2d 001ef2c8 643422c6 42c00258 6434227c 001ef3c8 chrome_child!base::internal::Invoker<base::internal::BindState<void (__cdecl*)(std::unique_ptr<base::Callback<void __cdecl(scoped_refptr<media::VideoFrame> const &,base::TimeTicks),1>,std::default_delete<base::Callback<void __cdecl(scoped_refptr<media::VideoFrame> const &,base::TimeTicks),1> > >),base::internal::PassedWrapper<std::unique_ptr<base::Callback<void __cdecl(scoped_refptr<media::VideoFrame> const &,base::TimeTicks),1>,std::default_delete<base::Callback<void __cdecl(scoped_refptr<media::VideoFrame> const &,base::TimeTicks),1> > > > >,void __cdecl(void)>::Run+0x29 [c:\b\build\slave\win-pgo\build\src\base\bind_internal.h @ 324]
2e 001ef2d0 6434227c 001ef3c8 001ef5c8 001ef660 chrome_child!base::Callback<void __cdecl(void),1>::Run+0x5 [c:\b\build\slave\win-pgo\build\src\base\callback.h @ 388]
2f 001ef320 64341f6a 6607f514 001ef3c8 001ef3d8 chrome_child!base::debug::TaskAnnotator::RunTask+0x6a [c:\b\build\slave\win-pgo\build\src\base\debug\task_annotator.cc @ 56]
30 001ef37c 64341acc 001ef3c8 007d5b98 007d5b88 chrome_child!base::MessageLoop::RunTask+0x78 [c:\b\build\slave\win-pgo\build\src\base\message_loop\message_loop.cc @ 489]
31 (Inline) -------- -------- -------- -------- chrome_child!base::MessageLoop::DeferOrRunPendingTask+0x14 [c:\b\build\slave\win-pgo\build\src\base\message_loop\message_loop.cc @ 497]
32 001ef508 643417e3 00000000 001ef5c8 001ef778 chrome_child!base::MessageLoop::DoWork+0x1bd [c:\b\build\slave\win-pgo\build\src\base\message_loop\message_loop.cc @ 621]
33 001ef544 645208a4 001ef5c8 660ef270 001ef6a8 chrome_child!base::MessagePumpDefault::Run+0x1d [c:\b\build\slave\win-pgo\build\src\base\message_loop\message_pump_default.cc @ 36]
34 001ef590 6452085c 007bd780 00021d25 00000000 chrome_child!base::MessageLoop::RunHandler+0x34 [c:\b\build\slave\win-pgo\build\src\base\message_loop\message_loop.cc @ 452]
35 001ef5b0 6469ff9e 001ef778 00000000 001ef784 chrome_child!base::RunLoop::Run+0x2c [c:\b\build\slave\win-pgo\build\src\base\run_loop.cc @ 36]
36 001ef734 6448373c 001ef778 007bfc10 007d33f8 chrome_child!content::PpapiPluginMain+0x194 [c:\b\build\slave\win-pgo\build\src\content\ppapi_plugin\ppapi_plugin_main.cc @ 146]
37 001ef754 644836b9 001ef7c0 007bfc10 ffffffff chrome_child!content::RunNamedProcessTypeMain+0x4d [c:\b\build\slave\win-pgo\build\src\content\app\content_main_runner.cc @ 418]
38 001ef7a4 6448307f 007baaf0 007bacb8 648043fa chrome_child!content::ContentMainRunnerImpl::Run+0x98 [c:\b\build\slave\win-pgo\build\src\content\app\content_main_runner.cc @ 786]
39 001ef7b0 648043fa 007bacb8 007bacc0 6610bb68 chrome_child!content::ContentMain+0x54 [c:\b\build\slave\win-pgo\build\src\content\app\content_main.cc @ 20]
3a 001ef7f0 0136529a 01360000 001ef810 007bacdc chrome_child!ChromeMain+0x6d [c:\b\build\slave\win-pgo\build\src\chrome\app\chrome_main.cc @ 91]
3b 001ef8ac 01361d59 01360000 00000000 01418984 chrome!MainDllLoader::Launch+0x2a1 [c:\b\build\slave\win-pgo\build\src\chrome\app\main_dll_loader_win.cc @ 182]
3c 001ef9e4 013c5d6e 01360000 00000000 007a1d40 chrome!wWinMain+0x179 [c:\b\build\slave\win-pgo\build\src\chrome\app\chrome_exe_main_win.cc @ 253]
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Windows\system32\kernel32.dll -
3d (Inline) -------- -------- -------- -------- chrome!invoke_main+0x1a [f:\dd\vctools\crt\vcstartup\src\startup\exe_common.inl @ 113]
3e 001efa30 771d3c45 7ffd7000 001efa7c 777c37eb chrome!__scrt_common_main_seh+0xfd [f:\dd\vctools\crt\vcstartup\src\startup\exe_common.inl @ 255]
3f 001efa3c 777c37eb 7ffd7000 779cee47 00000000 kernel32!BaseThreadInitThunk+0x12
40 001efa7c 777c37be 013c5de7 7ffd7000 ffffffff ntdll!RtlInitializeExceptionChain+0xef
41 001efa94 00000000 013c5de7 7ffd7000 00000000 ntdll!RtlInitializeExceptionChain+0xc2
Nov 14 2016
This looks like an out of memory condition that's not specific to ASAN - dsinclair@ - I'm not sure how hard we try to prevent these or handle them gracefully - mind taking a look if that's something we do?
Nov 15 2017
This issue has been Available for over a year. If it's no longer important or seems unlikely to be fixed, please consider closing it out. If it is important, please re-triage the issue. Sorry for the inconvenience if the bug really should have been left as Available. If you change it back, also remove the "Hotlist-Recharge-Cold" label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Mar 26 2018
Sending to hnakashima@ for PE. Looks like the jpeg2k decoder?
Oct 12
Jan 11
Setting defect without priority to Pri-2.
Comment 1 by rickyz@chromium.org, Nov 14 2016
Owner: kcc@chromium.org
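The thread asks how hard the decoder tries to prevent these allocations or handle them gracefully. One defensive shape for a tile-component buffer allocation, as an added example that is not PDFium or OpenJPEG code: the size is derived from untrusted bounds without a wrapping multiply, charged against a decoder-wide budget, and every failure is returned as a status. All type and function names, the 64 MiB budget and the sample bounds are assumptions made for illustration; the bounds are constructed so the request totals 70434816 bytes, the figure in the ASan error line, and the real tile dimensions are not on the page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Every name here is hypothetical; none is an OpenJPEG or PDFium identifier. */
typedef enum { TC_OK, TC_BAD_BOUNDS, TC_OVERFLOW, TC_OVER_BUDGET, TC_NO_MEMORY } tc_status;

typedef struct {
    int32_t  x0, y0, x1, y1;  /* bounds parsed from the untrusted codestream */
    int32_t *data;            /* decoded samples, one int32_t each */
    size_t   data_size;       /* bytes currently held in data */
} tile_comp;

typedef struct {
    size_t size_max;  /* largest single object; UINT32_MAX models a 32-bit build */
    size_t limit;     /* bytes the decoder may hold across all components */
    size_t used;      /* bytes currently charged against limit */
} decode_budget;

/* Size of the sample buffer, computed without forming a product that can wrap. */
tc_status tile_comp_bytes(const tile_comp *tc, size_t size_max, size_t *out)
{
    if (tc->x1 <= tc->x0 || tc->y1 <= tc->y0)
        return TC_BAD_BOUNDS;
    uint64_t w = (uint64_t)((int64_t)tc->x1 - tc->x0);
    uint64_t h = (uint64_t)((int64_t)tc->y1 - tc->y0);
    uint64_t max_samples = (uint64_t)size_max / sizeof(int32_t);
    if (h > max_samples / w)          /* w * h * 4 would exceed size_max */
        return TC_OVERFLOW;
    *out = (size_t)(w * h * sizeof(int32_t));
    return TC_OK;
}

/* Free the buffer and return its bytes to the budget. */
void tile_comp_release(tile_comp *tc, decode_budget *b)
{
    if (tc->data != NULL) {
        free(tc->data);
        b->used -= tc->data_size;
    }
    tc->data = NULL;
    tc->data_size = 0;
}

/* Allocate (or reuse) the buffer; every failure is a status the caller can
 * turn into "skip this image" instead of a process-wide out-of-memory abort. */
tc_status tile_comp_alloc(tile_comp *tc, decode_budget *b)
{
    size_t need = 0;
    tc_status st = tile_comp_bytes(tc, b->size_max, &need);
    if (st != TC_OK)
        return st;
    if (tc->data != NULL && tc->data_size >= need)
        return TC_OK;                 /* existing buffer is large enough */
    tile_comp_release(tc, b);
    if (need > b->limit - b->used)
        return TC_OVER_BUDGET;
    int32_t *p = malloc(need);
    if (p == NULL)
        return TC_NO_MEMORY;
    tc->data = p;
    tc->data_size = need;
    b->used += need;
    return TC_OK;
}

int main(void)
{
    /* Constructed input: 4096 x 4299 samples of 4 bytes = 70434816 bytes,
     * checked against an assumed 64 MiB decoder budget. */
    decode_budget b = { UINT32_MAX, 64u * 1024u * 1024u, 0 };
    tile_comp tc = { 0, 0, 4096, 4299, NULL, 0 };
    size_t need = 0;
    tile_comp_bytes(&tc, b.size_max, &need);
    printf("need=%zu status=%d\n", need, (int)tile_comp_alloc(&tc, &b));
    tile_comp_release(&tc, &b);
    return 0;
}
```

The budget check matters most on 32-bit targets, where several individually valid buffers can exhaust the address space long before any single size computation wraps.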