Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5694142421401600

Fuzzer: libfuzzer_pdf_codec_gif_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Undefined-shift
Crash Address:
Crash State:
  CGifLZWDecoder::Decode
  gif_load_frame
  CCodec_GifModule::LoadFrame

Sanitizer: undefined (UBSAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=400697:402043

Minimized Testcase (0.14 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97fGkqApIB5Xq7201z0CE3XlDwSWCIaw86JqTUFx-tkiV2ZEgQTqY7VCBnvI06irR-QJQfTzaQRI_ibl02luTMhmb5zV1Mqq1spdtT_1mGCN-SH3iMwxSKdTgNS083UmXIGkw3uOeky_nLKtJYhoYxnuuvjVS0wAOjlDcqUT3uWWMIONsqKlwUMjV6a016K072SYoChWzDztLVUgX6dnrBP_EzUVpY_TQM24zOyykvyg_glMutJXBxmdH8YMHDKzDr-1VJQz-m1lV6VMs25LgbZJvXGNPwJ3ju8spCkaEgSSbsMTv9tBcXGjr4aqpWFVd_lsT9FAn1zDcdAtHxEpQjVLKWNlmpsFBgSLKzttyFEVpm2xmg?testcase_id=5694142421401600

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Predator and CL did not provide any possible suspects. Adding /src/third_party/pdfium/OWNERS, requesting the team to check the issue and help.
As per issue 680062, assigning to npm@. Could you please take a look? Thank you.
Will wait on getting safe bit shifting so that this can be solved properly.
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/7f06e31d2b22d7e8059c983d6b6bede343e83778

commit 7f06e31d2b22d7e8059c983d6b6bede343e83778
Author: pdfium-deps-roller <pdfium-deps-roller@chromium.org>
Date: Thu Jan 26 06:25:07 2017

Roll src/third_party/pdfium/ 03de88464..5c1673db6 (2 commits).

https://pdfium.googlesource.com/pdfium.git/+log/03de88464cc8..5c1673db6dea

$ git log 03de88464..5c1673db6 --date=short --no-merges --format='%ad %ae %s'
2017-01-25 npm Calculate code_store safely in CGifLZWDecoder::Decode
2017-01-25 npm Prevent skew overflows in gtTileContig

BUG=682628,681300

Documentation for the AutoRoller is here: https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, see: http://www.chromium.org/developers/tree-sheriffs/sheriff-details-chromium#TOC-Failures-due-to-DEPS-rolls

TBR=dsinclair@chromium.org

Review-Url: https://codereview.chromium.org/2651283003
Cr-Commit-Position: refs/heads/master@{#446250}

[modify] https://crrev.com/7f06e31d2b22d7e8059c983d6b6bede343e83778/DEPS
ClusterFuzz has detected this issue as fixed in range 446229:446293.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5694142421401600

Fuzzer: libfuzzer_pdf_codec_gif_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Undefined-shift
Crash Address:
Crash State:
  CGifLZWDecoder::Decode
  gif_load_frame
  CCodec_GifModule::LoadFrame

Sanitizer: undefined (UBSAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=400697:402043
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=446229:446293

Minimized Testcase (0.14 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97YXFUhMbKvjuBb3tVorKBTmc2U3NHaHnQbdU9f3XFoe_0-ZXYcVVxmbExQPAnDtMx3EXmDaT-LzpBELA5TgdDO96O2Jfkh9eWwFbUuzkUxHgEZ4AB-vu74d5xzFjjAp4xacMQUr7kb17HWck_IRr1T3Wi6IiE7cMs7Kf5relSFpL53XDWz1hC2btjwS42IFZHN9S28rdoBVOLcy8xasrSvZvC1xt2oxyg9uoVGy52G2KU9cgoP2ZyYi3UjOocTA9-TIFQD9zvSPR7GW_NQMadoiE7RhGA-lbPjk5j_KsqQ3r70yEwxdUwvkfjnstiQvYCfsGEGZBOOOchbIk9glvIjgucWvZAsDSQFRQeGPahC0H3Vfzw?testcase_id=5694142421401600

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
ClusterFuzz testcase 5694142421401600 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by nyerramilli@chromium.org, Jan 19 2017
Components: Internals>Plugins>PDF
Labels: Test-Predator-Wrong-CLs M-56