Issue 675752 link


Issue metadata

Status: Fixed
Owner:
Closed: Dec 2016
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug




Sanitizer CHECK failure in "((IsAligned(p, page_size_))) != (0)" (0x0, 0x0)

Project Member Reported by ClusterFuzz, Dec 19 2016

Issue description

Labels: M-57
Owner: tsepez@chromium.org
Status: Assigned (was: Untriaged)
The result is a list of CLs that change the crashed files. 

Author: tsepez
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/47fb8c06acd0ff9ea50c8c2d7f67510ea5c28577
Time: Thu Dec 15 13:51:34 2016 -0800
Lines 195-196 of file cpdf_streamparser.cpp which potentially caused crash are changed in this cl (frame #5, "CPDF_StreamParser::ReadInlineStream").
Minimum distance from crash line to modified line: 0. (file: cpdf_streamparser.cpp, crashed on: 195, modified: 195).

Comment 2 by tsepez@chromium.org, Dec 20 2016

Status: Started (was: Assigned)
https://codereview.chromium.org/2585113004/

Comment 4 by bugdroid1@chromium.org, Dec 20 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/2d589c0dc0ea78ddae61db17bd00d85dc9c3cf17

commit 2d589c0dc0ea78ddae61db17bd00d85dc9c3cf17
Author: pdfium-deps-roller <pdfium-deps-roller@chromium.org>
Date: Tue Dec 20 02:08:38 2016

Roll src/third_party/pdfium/ 0fdeeb817..04a407093 (1 commit).

https://pdfium.googlesource.com/pdfium.git/+log/0fdeeb817556..04a407093c13

$ git log 0fdeeb817..04a407093 --date=short --no-merges --format='%ad %ae %s'
2016-12-19 tsepez Missing null initializer in CPDF_StreamParser::ReadInlineStream

BUG= 675752 

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, see:
http://www.chromium.org/developers/tree-sheriffs/sheriff-details-chromium#TOC-Failures-due-to-DEPS-rolls

TBR=dsinclair@chromium.org

Review-Url: https://codereview.chromium.org/2588183002
Cr-Commit-Position: refs/heads/master@{#439667}

[modify] https://crrev.com/2d589c0dc0ea78ddae61db17bd00d85dc9c3cf17/DEPS


Comment 5 by ClusterFuzz, Dec 20 2016

ClusterFuzz has detected this issue as fixed in range 439653:439688.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4939178862444544

Fuzzer: attekett_surku_fuzzer
Job Type: linux_tsan_chrome_mp
Platform Id: linux

Crash Type: Sanitizer CHECK failure
Crash Address: 
Crash State:
  "((IsAligned(p, page_size_))) != (0)" (0x0, 0x0)
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_tsan_chrome_mp&range=438853:439175
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_tsan_chrome_mp&range=439653:439688

Minimized Testcase (56.74 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94uDbghuicHYJwx63JcUyHpRtsFEglGuIKpDaSPrGEjAVn0603P84mtIErbiF7c2IeAY2RKw7jwMSVCIuFyGrTEGw-pZisIRefaOYpP-cgArekWe3aJuxX2LZbZtQ2fBUYgR3VFLJnzdCB_osHb7ffgBn6KAMi7notVS2pJBpIXUA_5SKc?testcase_id=4939178862444544

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
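What the failing CHECK points at, as an added example that is not PDFium's or the sanitizer runtime's own code. The crash state "IsAligned(p, page_size_)" and the fix title "Missing null initializer" fit together as follows: a pointer member that is never initialized on an early-return path still gets deleted later, the freed value is not a chunk the allocator handed out, and the sanitizer's large-allocation path then insists on page alignment and CHECK-fails on the garbage address. The `MockSanitizerAllocator`, the `ReadInlineStream` stand-in, the two struct shapes and the input bytes below are all constructed assumptions for illustration; the real reader's internals are not on this page. The simulated garbage address replaces whatever the stack actually held, so the buggy path is deterministic.

```cpp
#include <cstddef>
#include <cstdint>
#include <set>
#include <stdexcept>
#include <vector>

// Alignment predicate modelled on the shape of the failing CHECK
// ("IsAligned(p, page_size_)"). These are this example's own definitions,
// not the sanitizer runtime's.
constexpr uintptr_t kPageSize = 4096;

bool IsAlignedTo(uintptr_t p, uintptr_t alignment) {
  return (p & (alignment - 1)) == 0;
}

// Toy allocator standing in for the sanitizer's deallocation path.
// Assumption (not taken from the sanitizer source): pointers it handed out
// are freed normally; anything else is treated as a large allocation and
// must be page-aligned, so a misaligned stranger is a CHECK failure,
// modelled here as a throw.
class MockSanitizerAllocator {
 public:
  uint8_t* Allocate(size_t n) {
    uint8_t* p = new uint8_t[n];
    live_.insert(reinterpret_cast<uintptr_t>(p));
    return p;
  }
  void Deallocate(uint8_t* ptr) {
    if (ptr == nullptr) return;  // deleting a null pointer is a no-op
    uintptr_t p = reinterpret_cast<uintptr_t>(ptr);
    if (live_.erase(p) == 1) {
      delete[] ptr;
      return;
    }
    if (!IsAlignedTo(p, kPageSize))
      throw std::logic_error("CHECK failed: IsAligned(p, page_size_)");
    // A page-aligned stranger would be looked up as a large chunk; not modelled.
  }

 private:
  std::set<uintptr_t> live_;
};

// The bug shape: a buffer pointer that is only assigned once the reader has
// committed to allocating. Both structs go through the same parse logic.
struct InlineStreamBuggy {
  uint8_t* data;  // no initializer: holds stack garbage on the early-return path
  size_t size;
};

struct InlineStreamFixed {
  uint8_t* data = nullptr;  // default member initializer: the fix pattern
  size_t size = 0;
};

// Hypothetical reader: copies `declared_len` bytes of the inline stream body
// into a fresh buffer, or bails out before allocating when the length claimed
// by the stream dictionary exceeds the bytes actually present.
template <typename Stream>
bool ReadInlineStream(MockSanitizerAllocator& alloc,
                      const std::vector<uint8_t>& body,
                      size_t declared_len, Stream* out) {
  if (declared_len > body.size())
    return false;  // early exit: out->data is never written
  out->data = alloc.Allocate(declared_len);
  for (size_t i = 0; i < declared_len; ++i)
    out->data[i] = body[i];
  out->size = declared_len;
  return true;
}

// One parse-then-free cycle with the uninitialized struct; reports whether
// the allocator's CHECK fired. The garbage value is a constructed stand-in
// for whatever the real stack held.
bool FreeTripsCheckBuggy(size_t declared_len) {
  MockSanitizerAllocator alloc;
  const std::vector<uint8_t> body = {'A', 'B', 'C', 'D'};  // constructed input
  InlineStreamBuggy s;
  s.data = reinterpret_cast<uint8_t*>(
      static_cast<uintptr_t>(0x7ffd3a1c0e53));  // simulated stack garbage
  s.size = 0;
  ReadInlineStream(alloc, body, declared_len, &s);
  try {
    alloc.Deallocate(s.data);
  } catch (const std::logic_error&) {
    return true;
  }
  return false;
}

// Same cycle with the default-initialized struct: the early-return path
// leaves data == nullptr, which the allocator accepts.
bool FreeTripsCheckFixed(size_t declared_len) {
  MockSanitizerAllocator alloc;
  const std::vector<uint8_t> body = {'A', 'B', 'C', 'D'};  // constructed input
  InlineStreamFixed s;
  ReadInlineStream(alloc, body, declared_len, &s);
  try {
    alloc.Deallocate(s.data);
  } catch (const std::logic_error&) {
    return true;
  }
  return false;
}
```

Compile with `g++ -std=c++11 -fsanitize=undefined`; `FreeTripsCheckBuggy(8)` takes the early-return path and trips the mock CHECK, while `FreeTripsCheckBuggy(2)` and both fixed variants free cleanly. In production code the default member initializer is the minimal fix; holding the buffer in a `std::unique_ptr<uint8_t[]>` removes the class of bug entirely, since the smart pointer is null by construction and frees nothing on the early-return path.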
