Hang in pdf_fm2js_fuzzer |
||||||||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=6531870100815872 Fuzzer: libfuzzer_pdf_fm2js_fuzzer Job Type: libfuzzer_chrome_ubsan Platform Id: linux Crash Type: Hang Crash Address: Crash State: pdf_fm2js_fuzzer Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=395640:395746 Minimized Testcase (0.12 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96ElSaodFWSCNAh6jwoUEdwua3ti3LLXyp_eR6W82-e_aXJEvFBxCeL-nFlY3BaP6A_yj2gUT2iZ1MZRK1FUA_eg3N6PG9E0GdVc_Jr9hO__43zR72j9PyJLV-E639pgo7bu0zjPsMh1fRbooB4_0uWWTK83g?testcase_id=6531870100815872 Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
,
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Feb 10 2017
,
Feb 10 2017
Could someone please take a look?. Thank you.
,
Feb 13 2017
,
Mar 18 2017
,
Mar 27 2017
ClusterFuzz has detected this issue as fixed in range 459701:459705. Detailed report: https://clusterfuzz.com/testcase?key=6531870100815872 Fuzzer: libfuzzer_pdf_fm2js_fuzzer Job Type: libfuzzer_chrome_ubsan Platform Id: linux Crash Type: Timeout (exceeds 25 secs) Crash Address: Crash State: pdf_fm2js_fuzzer Sanitizer: undefined (UBSAN) Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=395640:395746 Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=459701:459705 Reproducer Testcase: https://clusterfuzz.com/download/AMIfv95HxDjMSnNpnd0CWCrlzR2548IbS4P7Ez5AGkS3D3DXFAeRmJj8T10AHehBgasa_xMK-JxDCBAjmV-FNGusdcvPUBkjilfxj2pEZlNWbrZRc0jGOvRhUoCLXbbS2H6FXkE5gq4z32yIQjNYDphRWa4MCu5vZwVbwKTzRLxg1NWgnW4_XCce2tCOmBm6626hSysT1DKTFcfXGmG8fAQFymaveCSkacDaT6MgHtj3VNBVy9mk9w-StjW9c3jN5xN_lESKmaVqtSi0o66wSnWXC4kRlphRkda8Ziy-2bPLhW_8Gs0Tivlvn8gT6xWZbzXbF_uXrKk8w77OIOk1l0vGrQflwSE8VrbgdLtrLNUXQVAMYG5E1gk?testcase_id=6531870100815872 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Mar 27 2017
ClusterFuzz testcase 6531870100815872 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Mar 27 2017
,
Apr 10 2017
,
Apr 11 2017
The following revision refers to this bug: https://pdfium.googlesource.com/pdfium/+/5c97fd86374a1638710870a8603438f6d6fa11d1 commit 5c97fd86374a1638710870a8603438f6d6fa11d1 Author: Nicolas Pena <npm@chromium.org> Date: Tue Apr 11 15:27:16 2017 Avoid long assignment chain in FM parser We only parse FM right before translating to JS. Our current implementation of assignment will duplicate to first expression's ToJavascript. So having a long chain of assignments will result in a huge ToJavascript. Bug: chromium:665087 Change-Id: I542371b5787113be2f2d686153ed0a6c48191bab Reviewed-on: https://pdfium-review.googlesource.com/4030 Commit-Queue: Nicolás Peña <npm@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org> [modify] https://crrev.com/5c97fd86374a1638710870a8603438f6d6fa11d1/xfa/fxfa/fm2js/xfa_error.h [modify] https://crrev.com/5c97fd86374a1638710870a8603438f6d6fa11d1/xfa/fxfa/fm2js/xfa_fmparse.cpp [modify] https://crrev.com/5c97fd86374a1638710870a8603438f6d6fa11d1/xfa/fxfa/fm2js/xfa_error.cpp
,
Apr 12 2017
,
May 11 2017
The following revision refers to this bug: https://pdfium.googlesource.com/pdfium/+/4da1e7623c52572bc8677ac53b908f39543f13b1 commit 4da1e7623c52572bc8677ac53b908f39543f13b1 Author: Lei Zhang <thestig@chromium.org> Date: Thu May 11 01:00:39 2017 Limit XFA FormCalc program translation size. BUG= chromium:665087 , chromium:718492 Change-Id: I09e93b4167ab2c0b3b53641243aa0cbeb5b98c4f Reviewed-on: https://pdfium-review.googlesource.com/3114 Commit-Queue: Lei Zhang <thestig@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org> [modify] https://crrev.com/4da1e7623c52572bc8677ac53b908f39543f13b1/xfa/fxfa/fm2js/xfa_fmparse.h [modify] https://crrev.com/4da1e7623c52572bc8677ac53b908f39543f13b1/xfa/fxfa/fm2js/xfa_expression.h [modify] https://crrev.com/4da1e7623c52572bc8677ac53b908f39543f13b1/xfa/fxfa/fm2js/xfa_expression.cpp [modify] https://crrev.com/4da1e7623c52572bc8677ac53b908f39543f13b1/xfa/fxfa/fm2js/xfa_program.cpp [modify] https://crrev.com/4da1e7623c52572bc8677ac53b908f39543f13b1/xfa/fxfa/fm2js/xfa_simpleexpression.h [modify] https://crrev.com/4da1e7623c52572bc8677ac53b908f39543f13b1/xfa/fxfa/fm2js/xfa_fm2jscontext.cpp [modify] https://crrev.com/4da1e7623c52572bc8677ac53b908f39543f13b1/xfa/fxfa/fm2js/xfa_simpleexpression.cpp [modify] https://crrev.com/4da1e7623c52572bc8677ac53b908f39543f13b1/xfa/fxfa/fm2js/xfa_fmparse.cpp
,
May 11 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/715c833d5ba12cedbf0250778ce9c7db4a517490 commit 715c833d5ba12cedbf0250778ce9c7db4a517490 Author: pdfium-deps-roller@chromium.org <pdfium-deps-roller@chromium.org> Date: Thu May 11 09:11:23 2017 Roll src/third_party/pdfium/ 21f88ffe5..4da1e7623 (7 commits) https://pdfium.googlesource.com/pdfium.git/+log/21f88ffe5c2c..4da1e7623c52 $ git log 21f88ffe5..4da1e7623 --date=short --no-merges --format='%ad %ae %s' 2017-05-10 thestig Limit XFA FormCalc program translation size. 2017-05-09 thestig Split DCT decoder creation from CPDF_DIBSource::CreateDecoder(). 2017-05-10 thestig Replace operator bool with HasRef() in classes with a CFX_SharedCopyOnWrite member. 2017-05-10 thestig Check CXFA_FM2JSContext::Translate() return value. 2017-05-10 dsinclair Store the offset in the archive buffer 2017-05-10 dsinclair Cleaning up Edit code 2017-05-10 npm Cleanup CGifDecompressor part 2 Created with: roll-dep src/third_party/pdfium BUG= 665087 , 718492 Documentation for the AutoRoller is here: https://skia.googlesource.com/buildbot/+/master/autoroll/README.md If the roll is causing failures, see: http://www.chromium.org/developers/tree-sheriffs/sheriff-details-chromium#TOC-Failures-due-to-DEPS-rolls TBR=dsinclair@chromium.org Change-Id: I72ea21ff11451a57fa0cdc532b5eceae31a682bb Reviewed-on: https://chromium-review.googlesource.com/502630 Reviewed-by: <pdfium-deps-roller@chromium.org> Commit-Queue: <pdfium-deps-roller@chromium.org> Cr-Commit-Position: refs/heads/master@{#470884} [modify] https://crrev.com/715c833d5ba12cedbf0250778ce9c7db4a517490/DEPS
,
Sep 18 2017
We have made a bunch of changes on ClusterFuzz side, so resetting ClusterFuzz-Wrong label. |
||||||||||
►
Sign in to add a comment |
||||||||||
Comment 1 by ajha@chromium.org
, Nov 22 2016