ClusterFuzz is analyzing your testcase. Developers can follow the progress at https://cluster-fuzz.appspot.com/testcase?key=6131729464295424

Divide by zero

Thread 0 CRASHED [EXCEPTION_INT_DIVIDE_BY_ZERO @ 0x00007ffb702d79a0 ]
0x00007ffb702d79a0	(chrome_child.dll -pi.c:443 )	opj_pi_next_pcrl
0x00007ffb702da1e7	(chrome_child.dll -t2.c:412 )	opj_t2_decode_packets
0x00007ffb702d5611	(chrome_child.dll -tcd.c:1591 )	opj_tcd_t2_decode
0x00007ffb702d4c8b	(chrome_child.dll -tcd.c:1330 )	opj_tcd_decode_tile
0x00007ffb702cddf3	(chrome_child.dll -j2k.c:8073 )	opj_j2k_decode_tile
0x00007ffb702ce007	(chrome_child.dll -j2k.c:9614 )	opj_j2k_decode_tiles
0x00007ffb702ce9de	(chrome_child.dll -j2k.c:7290 )	opj_j2k_exec
0x00007ffb702cd91b	(chrome_child.dll -j2k.c:9814 )	opj_j2k_decode
0x00007ffb702c9b28	(chrome_child.dll -jp2.c:1502 )	opj_jp2_decode
0x00007ffb7029b5a5	(chrome_child.dll -fx_codec_jpx_opj.cpp:774 )	CJPX_Decoder::Init(unsigned char const *,unsigned int)

static INLINE OPJ_INT32 opj_int_ceildiv(OPJ_INT32 a, OPJ_INT32 b) {
	assert(b);
	return (a + b - 1) / b;
}

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6131729464295424

Job Type: linux_asan_pdfium
Crash Type: Floating-point-exception
Crash Address: 
Crash State:
  opj_pi_next
  opj_t2_decode_packets
  opj_tcd_decode_tile
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_pdfium&range=344607:344814

Minimized Testcase (2.91 Kb): https://cluster-fuzz.appspot.com/download/AMIfv967m0JFNaEPRpZd89emH4UsuNvfmHB1kDgR20YtV3LpGsfo7Jj6xl5q6xnlMQL_K1KOSGKMl0HM7lhTBDxEweoX7TfshORU5fzO0CdDG30gYXB7898ScxSSgVATdht4IwtNv8KZRyZDgt9ZP-C7zXnLZRwmeg?testcase_id=6131729464295424

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

We are building a command-line tool that can reproduce this crash on Goobuntu from source code with a single command. If anyone is interested in using it, please let me know.

It'll really help speed up the fixing process :)

There are many FPEs in openjpeg. https://github.com/uclouvain/openjpeg/issues/855 is another bug and https://github.com/uclouvain/openjpeg/pull/845 is a pull request to fix a bunch more. Since the issue is known publicly upstream, I'd rather we just wait until they iron it out.

ClusterFuzz has detected this issue as fixed in range 456450:456499.

Detailed report: https://clusterfuzz.com/testcase?key=6131729464295424

Job Type: linux_asan_pdfium
Crash Type: Floating-point-exception
Crash Address: 
Crash State:
  opj_pi_next
  opj_t2_decode_packets
  opj_tcd_decode_tile
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_pdfium&range=344607:344814
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_pdfium&range=456450:456499

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv967m0JFNaEPRpZd89emH4UsuNvfmHB1kDgR20YtV3LpGsfo7Jj6xl5q6xnlMQL_K1KOSGKMl0HM7lhTBDxEweoX7TfshORU5fzO0CdDG30gYXB7898ScxSSgVATdht4IwtNv8KZRyZDgt9ZP-C7zXnLZRwmeg?testcase_id=6131729464295424


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 6131729464295424 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.