Issue metadata
Sign in to add a comment
|
Use-of-uninitialized-value in FPDFAPI_inflate_fast |
||||||||||||||||||||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=5333337574211584 Fuzzer: libfuzzer_pdf_codec_tiff_fuzzer Job Type: libfuzzer_chrome_msan Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: FPDFAPI_inflate_fast FPDFAPI_inflate ZIPDecode Recommended Security Severity: Medium Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=398314:399191 Minimized Testcase (0.35 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97asmIFgbIanGfAsVa-jX_p1ctOs7jRmgeOQKhsAYrcOPkbsA1vBUTkwRxm6B9LbgEJ4plXQXHgh2L8AxsTa0y_9jTznHyeaBD_aFe3Cl1HvzGfjA8uvX_GJ4aqUVx80Y3YAnA8h_Nqn1hsYZGBAiFYAZAVTsHhqxckWqY3lW6DQZr9bnkLCXXztWWlOIttv2IBTi5xu5HBQnTsLy3aEfkD7xFoB-JNICObn5llnAip5RRDdG3WnoKRjkr_0fqZ-xv1ukIVE6cJIecK1DUFJXgL-zFuTVYR3eAmxuEv4fxL0UCZ3BOAK-Hg8XbwpLWe7zS5drEdWtkcsuX2R5KEbnQkb_gL37o-PypfbDy8ec-oyk6pYXU?testcase_id=5333337574211584 Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
,
Dec 29 2016
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Dec 29 2016
,
Dec 30 2016
,
Dec 31 2016
The regression range has this pdfium roll: https://pdfium.googlesource.com/pdfium.git/+log/9e077d2..855665d tsepez@, can you triage this?
,
Jan 1 2017
,
Jan 3 2017
That range is long time ago, needs diagnosis as if it were a new issue. Looking.
,
Jan 3 2017
Dan, can we get someone to cobble up a patch memset(0) at the point we allocate this? Thanks.
,
Jan 4 2017
,
Jan 4 2017
Removing the ReleaseBlock as this is XFA code, which is not enabled on any branch of Chrome.
,
Jan 5 2017
The following revision refers to this bug: https://pdfium.googlesource.com/pdfium.git/+/c4fcad23b1438aa6ad19f518503f861b9e3815e1 commit c4fcad23b1438aa6ad19f518503f861b9e3815e1 Author: Dan Sinclair <dsinclair@chromium.org> Date: Wed Jan 04 18:27:51 2017 [libtiff] Fixup unitialized access issue This CL initializes the raw tif data to guard against unitialized memory access. BUG= chromium:677377 Change-Id: If272fafacd996c2e93a41fb6e477661dc0c5492c Reviewed-on: https://pdfium-review.googlesource.com/2150 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org> [add] https://crrev.com/c4fcad23b1438aa6ad19f518503f861b9e3815e1/third_party/libtiff/0012-initialize-tif-rawdata.patch [modify] https://crrev.com/c4fcad23b1438aa6ad19f518503f861b9e3815e1/third_party/libtiff/README.pdfium [modify] https://crrev.com/c4fcad23b1438aa6ad19f518503f861b9e3815e1/third_party/libtiff/tif_read.c
,
Jan 6 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/6ab313adb654c1362673f92befa229cb72103373 commit 6ab313adb654c1362673f92befa229cb72103373 Author: pdfium-deps-roller <pdfium-deps-roller@chromium.org> Date: Fri Jan 06 03:17:47 2017 Roll src/third_party/pdfium/ 7855a2c57..c4fcad23b (4 commits). https://pdfium.googlesource.com/pdfium.git/+log/7855a2c57745..c4fcad23b143 $ git log 7855a2c57..c4fcad23b --date=short --no-merges --format='%ad %ae %s' 2017-01-04 dsinclair [libtiff] Fixup unitialized access issue 2017-01-05 dsinclair Cleaning up memory allocation in CXFA_FM2JSContext - II 2017-01-05 tsepez Banish CFX_Points, CFX_PointsF, and CFX_RectFArray to XFA-side only. 2017-01-05 npm Fix bCJK calculation in Windows MapFont BUG= 677377 Documentation for the AutoRoller is here: https://skia.googlesource.com/buildbot/+/master/autoroll/README.md If the roll is causing failures, see: http://www.chromium.org/developers/tree-sheriffs/sheriff-details-chromium#TOC-Failures-due-to-DEPS-rolls TBR=dsinclair@chromium.org Review-Url: https://codereview.chromium.org/2615183002 Cr-Commit-Position: refs/heads/master@{#441861} [modify] https://crrev.com/6ab313adb654c1362673f92befa229cb72103373/DEPS
,
Jan 6 2017
ClusterFuzz has detected this issue as fixed in range 441806:441876. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5333337574211584 Fuzzer: libfuzzer_pdf_codec_tiff_fuzzer Job Type: libfuzzer_chrome_msan Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: FPDFAPI_inflate_fast FPDFAPI_inflate ZIPDecode Sanitizer: memory (MSAN) Recommended Security Severity: Medium Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=398314:399191 Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_msan&range=441806:441876 Minimized Testcase (0.35 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97asmIFgbIanGfAsVa-jX_p1ctOs7jRmgeOQKhsAYrcOPkbsA1vBUTkwRxm6B9LbgEJ4plXQXHgh2L8AxsTa0y_9jTznHyeaBD_aFe3Cl1HvzGfjA8uvX_GJ4aqUVx80Y3YAnA8h_Nqn1hsYZGBAiFYAZAVTsHhqxckWqY3lW6DQZr9bnkLCXXztWWlOIttv2IBTi5xu5HBQnTsLy3aEfkD7xFoB-JNICObn5llnAip5RRDdG3WnoKRjkr_0fqZ-xv1ukIVE6cJIecK1DUFJXgL-zFuTVYR3eAmxuEv4fxL0UCZ3BOAK-Hg8XbwpLWe7zS5drEdWtkcsuX2R5KEbnQkb_gL37o-PypfbDy8ec-oyk6pYXU?testcase_id=5333337574211584 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Jan 6 2017
ClusterFuzz testcase 5333337574211584 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Jan 6 2017
,
Apr 14 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by sheriffbot@chromium.org
, Dec 29 2016