New issue
Advanced search Search tips

Issue 665056 link

Starred by 1 user
Status: Fixed
Owner:
dsinclair@chromium.org
Closed: Mar 2017
Cc:
weili@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Mac
Pri: 1
Type: Bug



Sign in to add a comment

Hang in pdf_codec_jbig2_fuzzer

Project Member Reported by ClusterFuzz, Nov 14 2016

Comment 1 by mmohammad@chromium.org, Nov 14 2016

Cc: weili@chromium.org
Labels: Test-Predator-Wrong-CLs
Owner: dsinclair@chromium.org
Status: Assigned (was: Untriaged)
dsinclair@ could you please look into this.please feel free to re-assigned back if needed. thanks in advance !
Project Member

Comment 2 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 3 by ClusterFuzz, Mar 16 2017

Labels: OS-Linux

Comment 4 by dsinclair@chromium.org, Mar 28 2017

Status: Started (was: Assigned)
https://pdfium-review.googlesource.com/c/3244/
Project Member

Comment 5 by bugdroid1@chromium.org, Mar 28 2017 

The following revision refers to this bug:
  https://pdfium.googlesource.com/pdfium/+/eed6421dc45a5cc74986b2ef0870974c829f829e

commit eed6421dc45a5cc74986b2ef0870974c829f829e
Author: Dan Sinclair <dsinclair@chromium.org>
Date: Tue Mar 28 17:07:05 2017

Add bounds check into JBIG2 Arith decoder.

Currently when the BitStream runs out of bits it pretends that it
still has content and will continue to return the last byte over and
over again. This Cl updates the jbig decoder to detect that the bit
stream is complete and returns a decode error.

Bug:  chromium:665056 
Change-Id: I61ca75713e677a2c280e80374b8dcfd48bee67d8
Reviewed-on: https://pdfium-review.googlesource.com/3244
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>

[modify] https://crrev.com/eed6421dc45a5cc74986b2ef0870974c829f829e/core/fxcodec/jbig2/JBig2_ArithDecoder.h
[modify] https://crrev.com/eed6421dc45a5cc74986b2ef0870974c829f829e/core/fxcodec/jbig2/JBig2_GrdProc.cpp
[modify] https://crrev.com/eed6421dc45a5cc74986b2ef0870974c829f829e/core/fxcodec/jbig2/JBig2_BitStream.h
[modify] https://crrev.com/eed6421dc45a5cc74986b2ef0870974c829f829e/core/fxcodec/jbig2/JBig2_BitStream.cpp
[modify] https://crrev.com/eed6421dc45a5cc74986b2ef0870974c829f829e/core/fxcodec/jbig2/JBig2_ArithDecoder.cpp

Comment 6 by dsinclair@chromium.org, Mar 28 2017

Status: Fixed (was: Started)
Project Member

Comment 7 by ClusterFuzz, Mar 29 2017 

ClusterFuzz has detected this issue as fixed in range 460187:460215.

Detailed report: https://clusterfuzz.com/testcase?key=5903935077613568

Fuzzer: libfuzzer_pdf_codec_jbig2_fuzzer
Job Type: mac_libfuzzer_chrome_asan
Platform Id: mac

Crash Type: Timeout (exceeds 25 secs)
Crash Address: 
Crash State:
  pdf_codec_jbig2_fuzzer
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=mac_libfuzzer_chrome_asan&range=421447:421456
Fixed: https://clusterfuzz.com/revisions?job=mac_libfuzzer_chrome_asan&range=460187:460215

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv97WcvzaZ5fNTHp9pkjzsDVeJYX5Zfk3283aqp04EBRSUgalmC40m6KHfaPiONGVjCjauELl5bPVWhLnHNU-DiR33Gjf2Xc5wvmVQer_0Xh-TV5PToruJPj2AaPP8NQBYkrOa-jdBjdhIZJy3XqxXSzLJ4-jtZXDuqxzUGb6866GmnZfo6FSSTIdI7hAqrbOhNJVxdeJh7-zQ5EPJ1wqJSvEkA8IxfWRo5wfBP5FJCXzPRm299dERIicaZ-BoCX-Mv63J___eOlESaUOtGyGDK--LP8vjlXvzEUw_EldjZRmUtFc9-oGdXIFAcqNb4B-y-A1YQLI6DNVjx-RPhCjs_cTmNpbj4_QyqBEI5b9KMBd41S8KHo?testcase_id=5903935077613568


See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 8 by thestig@chromium.org, May 15 2017

Components: Internals>Plugins>PDF

Sign in to add a comment