Issue 686498 link

Starred by 4 users

Issue metadata

Status:	Duplicate
Merged:	issue 675617
Owner:	dsinclair@chromium.org
Closed:	Feb 2017
Cc:	kcwu@chromium.org nyerramilli@chromium.org tsepez@chromium.org
Components:	Internals>Plugins>PDF
EstimatedDays:	----
NextAction:	----
OS:	Linux
Pri:	2
Type:	Bug
Reproducible Stability-Memory-AddressSanitizer Stability-Memory-LeakSanitizer Stability-Libfuzzer Clusterfuzz M-58 Test-Predator-Wrong-CLs

Direct-leak in _cmsMallocZero

Project Member Reported by ClusterFuzz, Jan 29 2017

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6214360738562048

Fuzzer: libfuzzer_pdf_codec_icc_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Direct-leak
Crash Address: 
Crash State:
  _cmsMallocZero
  cmsPipelineAlloc
  Type_MPE_Read
  
Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=420440:420580

Minimized Testcase (0.26 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96LCa4JBzzRruyfSd0nJZ1YkYozB-0lqJiQSyoeonFS03UZdAM_QvjULrBIzPh3sg8I9Xd_wxcNqZPMn8M1l92BkY7xUWD89JCkm6NoGmlEXJpgrN-adIGpk0xqgwGuKHzdpk7oRkkY-RLS6CDnh-tlW7ow5fOWwj36G4I7Mn9LafLj-xV0GFbpEHvoW2RIK7g7gccXF0E3K3j4iqlzGZjjTR2bRQ-ah1cZA9m0wbI5yNHDfNuFTAG-QPMsf8dDCntx-LNTAu1Gs3wDaWb3wCfA43_e1l2sKGmAtopZWDzcR6wFsHirqCEWpmCRzlG3RZD5tn-q6McuSOiiepaVqLgu-w_YfNg2eN8JK7LHmRBtg-fXG3o?testcase_id=6214360738562048

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

Comment 1 by nyerramilli@chromium.org, Jan 30 2017

Cc: tsepez@chromium.org nyerramilli@chromium.org
Components: Internals>Plugins>PDF
Labels: Test-Predator-Wrong-CLs M-58
Owner: jam@chromium.org
Status: Assigned (was: Untriaged)

Predator and CL did not provide any possible suspects.

adding /src/third_party/pdfium/OWNERS, requesting the team to check the issue and help.

Comment 2 by dsinclair@chromium.org, Jan 30 2017

Owner: kcwu@chromium.org

kcwu@ more lcms fuzzer findings if you've got time.

Comment 3 by kcwu@chromium.org, Feb 22 2017

Cc: kcwu@chromium.org
Owner: dsinclair@chromium.org

I don't have free time to help. Reassigned.

Project Member

Comment 4 by ClusterFuzz, Feb 23 2017

ClusterFuzz has detected this issue as fixed in range 452156:452192.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6214360738562048

Fuzzer: libfuzzer_pdf_codec_icc_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Direct-leak
Crash Address: 
Crash State:
  _cmsMallocZero
  cmsPipelineAlloc
  Type_MPE_Read
  
Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=420440:420580
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=452156:452192

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv96LCa4JBzzRruyfSd0nJZ1YkYozB-0lqJiQSyoeonFS03UZdAM_QvjULrBIzPh3sg8I9Xd_wxcNqZPMn8M1l92BkY7xUWD89JCkm6NoGmlEXJpgrN-adIGpk0xqgwGuKHzdpk7oRkkY-RLS6CDnh-tlW7ow5fOWwj36G4I7Mn9LafLj-xV0GFbpEHvoW2RIK7g7gccXF0E3K3j4iqlzGZjjTR2bRQ-ah1cZA9m0wbI5yNHDfNuFTAG-QPMsf8dDCntx-LNTAu1Gs3wDaWb3wCfA43_e1l2sKGmAtopZWDzcR6wFsHirqCEWpmCRzlG3RZD5tn-q6McuSOiiepaVqLgu-w_YfNg2eN8JK7LHmRBtg-fXG3o?testcase_id=6214360738562048


See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 5 by npm@chromium.org, Feb 23 2017

Mergedinto: 675617
Status: Duplicate (was: Assigned)

►

Issue 686498 link

Issue metadata

Direct-leak in _cmsMallocZero

Issue description

Comment 1 by nyerramilli@chromium.org, Jan 30 2017

Comment 1 Deleted

Comment 2 by dsinclair@chromium.org, Jan 30 2017

Comment 2 Deleted

Comment 3 by kcwu@chromium.org, Feb 22 2017

Comment 3 Deleted

Comment 4 by ClusterFuzz, Feb 23 2017

Comment 4 Deleted

Comment 5 by npm@chromium.org, Feb 23 2017

Comment 5 Deleted

Sign in to add a comment