Out-of-memory in pdf_codec_jbig2_fuzzer
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6157225234268160

Fuzzer: libfuzzer_pdf_codec_jbig2_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Out-of-memory
Crash Address:
Crash State:
  pdf_codec_jbig2_fuzzer

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=421422:421468

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95hW-CA-zI7LhZQTuz76cMVyXvqORcgnliKeJRjdGScFKCNN5wqZW1_eZSWs-KU32JkKUzL-Fx_5sOjdhktJUDS2N1Fp1qsL2dVuE7i3v8lpV7ByrrCpdDGaLwdS-A_qHHi0aH7Eo5DazybwZ39J_MHCQr0dg?testcase_id=6157225234268160

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Feb 22 2017
I don't have free time to help. Reassigned.
Mar 27 2017
Mar 27 2017
The following revision refers to this bug:
https://pdfium.googlesource.com/pdfium/+/96169fc007f271412ffa7bf2ebd3cf3fc04f71a5

commit 96169fc007f271412ffa7bf2ebd3cf3fc04f71a5
Author: Dan Sinclair <dsinclair@chromium.org>
Date: Mon Mar 27 18:45:54 2017

Verify available bits in bit stream

The methods to read n bits from the huffman stream are not correctly checking that the bits are available. This means we'll end up reading 0 bits due to the checks below and pretend like the read worked.

This CL adds the check that we are not at the end of the bit buffer before attempting the bit read.

Bug: chromium:672176
Change-Id: I206f2d54da31c344cf649ca024644d1cce762fe7
Reviewed-on: https://pdfium-review.googlesource.com/3231
Reviewed-by: Nicolás Peña <npm@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>

[modify] https://crrev.com/96169fc007f271412ffa7bf2ebd3cf3fc04f71a5/core/fxcodec/jbig2/JBig2_BitStream.cpp
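The check the commit message above describes, as an added example that is not pdfium's code: a minimal MSB-first bit reader with the unchecked read beside the hardened one, plus a hypothetical record decoder that stops only when a read reports failure, to show why a read that reports success while consuming no bits lets its caller run on without bound. The class, the function names and the sample bytes are constructed for this illustration and do not reproduce the JBIG2 Huffman decoder.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Minimal MSB-first bit reader over a byte buffer. Hypothetical names; this
// is an added illustration, not pdfium's CJBig2_BitStream.
class BitReader {
 public:
  BitReader(const uint8_t* data, size_t len) : data_(data), len_(len) {}

  size_t BitsRemaining() const {
    if (byte_idx_ >= len_) return 0;
    return (len_ - byte_idx_) * 8 - bit_idx_;
  }

  // "Before": the per-bit loop simply stops when the buffer is exhausted, so
  // at end-of-data this returns 0 (success) with *out == 0 and nothing
  // consumed. The caller cannot tell a genuine zero from a failed read.
  int ReadNBitsUnchecked(uint32_t n, uint32_t* out) {
    uint32_t v = 0;
    for (uint32_t i = 0; i < n && byte_idx_ < len_; ++i) {
      v = (v << 1) | NextBit();
    }
    *out = v;
    return 0;
  }

  // "After": refuse the read unless all n bits are actually available, and
  // consume nothing on failure.
  int ReadNBits(uint32_t n, uint32_t* out) {
    if (n == 0 || n > 32 || n > BitsRemaining()) return -1;
    uint32_t v = 0;
    for (uint32_t i = 0; i < n; ++i) v = (v << 1) | NextBit();
    *out = v;
    return 0;
  }

 private:
  uint32_t NextBit() {
    uint32_t bit = (data_[byte_idx_] >> (7 - bit_idx_)) & 1u;
    if (++bit_idx_ == 8) { bit_idx_ = 0; ++byte_idx_; }
    return bit;
  }
  const uint8_t* data_;
  size_t len_;
  size_t byte_idx_ = 0;
  uint32_t bit_idx_ = 0;
};

// Hypothetical consumer: each record is a 4-bit length followed by that many
// value bits; decoding stops only when a read reports failure. `cap` exists
// solely so the unchecked variant terminates in this demo.
size_t DecodeRecords(BitReader& r, bool checked, size_t cap,
                     std::vector<uint32_t>* out) {
  while (out->size() < cap) {
    uint32_t len = 0, val = 0;
    int rc = checked ? r.ReadNBits(4, &len) : r.ReadNBitsUnchecked(4, &len);
    if (rc != 0) break;
    if (len != 0) {
      rc = checked ? r.ReadNBits(len, &val) : r.ReadNBitsUnchecked(len, &val);
      if (rc != 0) break;
    }
    out->push_back(val);
  }
  return out->size();
}

// Constructed sample: bits 0011 010 1110 00000, i.e. one complete record
// (length 3, value 2) followed by a length of 14 with only 5 bits left.
static const uint8_t kSample[] = {0x35, 0xC0};

size_t CountRecords(bool checked, size_t cap) {
  BitReader r(kSample, sizeof(kSample));
  std::vector<uint32_t> out;
  return DecodeRecords(r, checked, cap, &out);
}

uint32_t FirstRecordValue() {
  BitReader r(kSample, sizeof(kSample));
  std::vector<uint32_t> out;
  DecodeRecords(r, true, 100, &out);
  return out.empty() ? 0xFFFFFFFFu : out[0];
}

// Status code each variant returns once the buffer is fully consumed.
int ReadPastEndStatus(bool checked) {
  BitReader r(kSample, sizeof(kSample));
  uint32_t v = 0;
  (void)r.ReadNBits(16, &v);  // drain all 16 bits
  return checked ? r.ReadNBits(1, &v) : r.ReadNBitsUnchecked(1, &v);
}

int main() {
  std::printf("checked:   %zu record(s), past-end rc=%d\n",
              CountRecords(true, 100), ReadPastEndStatus(true));
  std::printf("unchecked: %zu record(s), past-end rc=%d\n",
              CountRecords(false, 100), ReadPastEndStatus(false));
  return 0;
}
```

On the same two bytes the hardened reader yields exactly one record and then fails the 14-bit read, while the unchecked reader hands back a zero-length, zero-valued record on every call after the data runs out and the decoder keeps appending until the demo's cap stops it; a real decoder with no such cap would keep allocating.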
Mar 27 2017
Mar 28 2017
ClusterFuzz has detected this issue as fixed in range 459865:459906.

Detailed report: https://clusterfuzz.com/testcase?key=6157225234268160

Fuzzer: libfuzzer_pdf_codec_jbig2_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Out-of-memory (exceeds 2048 MB)
Crash Address:
Crash State:
  pdf_codec_jbig2_fuzzer

Sanitizer: memory (MSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=421422:421468
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=459865:459906

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv943_LXSyuLQJd1sdLL24h8cu-GsoAA5bVZ2QIjIH2HGrLw6Mtl8PACaZeiW8mjGPV6SEyKso0CBOOp3E3kfpREKQfYBOJ-bz-PjdKv_45fdJ14yIOKBqvF5lejqmh2rSUEWcMZk6d3A3xezxE-ntbJreRO8wF0IDvd6-zOiykcGs9ocsNLS6Z066a3ryIHOHIOIP8XPy4T1BKpxdtuMbVggUMnfBsyRKoepqCBo9FIViy3BxrftS8hvwXJhCeEe8oczhJad4EH6Q79V3z-zMBeKY73NuUFHS6axW2gqFXCjKo21JOzW2bPD3jiugLnHObLDvYvhWBNbx0gB9b5O41oivOqG2bsXi_qXU4labYkyx35uZ2s?testcase_id=6157225234268160

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Mar 28 2017
The following revision refers to this bug:
https://pdfium.googlesource.com/pdfium/+/0eb74769c9efbcb94e57f160882ce3309684b2f9

commit 0eb74769c9efbcb94e57f160882ce3309684b2f9
Author: Dan Sinclair <dsinclair@chromium.org>
Date: Tue Mar 28 16:50:45 2017

Add JBig2_BitStream ReadNBits unittests

Add test for reading past end of buffer and successful read of bits.

Bug: chromium:672176
Change-Id: Ibe2d818185cdb2260011d3fc8cad94ebb16984b7
Reviewed-on: https://pdfium-review.googlesource.com/3233
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>

[modify] https://crrev.com/0eb74769c9efbcb94e57f160882ce3309684b2f9/BUILD.gn
[add] https://crrev.com/0eb74769c9efbcb94e57f160882ce3309684b2f9/core/fxcodec/jbig2/JBig2_BitStream_unittest.cpp
May 15 2017
Comment 1 by msrchandra@chromium.org, Dec 8 2016

Labels: Test-Predator-Wrong
Owner: kcwu@chromium.org
Status: Assigned (was: Untriaged)