Issue metadata
Sign in to add a comment
|
Heap-buffer-overflow in CGifLZWDecoder::ClearTable |
||||||||||||||||||||
Issue descriptionDetailed report: https://cluster-fuzz.appspot.com/testcase?key=6070247976337408 Fuzzer: libfuzzer_pdf_codec_gif_fuzzer Job Type: libfuzzer_chrome_asan_debug Platform Id: linux Crash Type: Heap-buffer-overflow WRITE 1 Crash Address: 0x62a000005232 Crash State: CGifLZWDecoder::ClearTable CGifLZWDecoder::InitTable gif_load_frame Sanitizer: address (ASAN) Recommended Security Severity: High Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=400732:400874 Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv96NJ60X2f0W8vhOa-fXl0UTcBNc3mQ6HvPy-auH9oyBT4aDUzW9KNX9ZVKxwbvflSJJ9STeIRqONcJxmtv9vLdMb5MeLETpEf6-seIbyEDQzPxLS773qHX2hZSV5z1ErbAG8n3th2Sf50X1mSbKcETQKuiT8-e3FwqyGCueGmlTVvHG_su6XFvOfyARFW5XikrxUkA-A6E2E2Kgy7aFdcULDvPtDJyrEYdbtOg1TgGPnXVntfaw0_LAL1csajvFNPbDVTVvRhs8hzb36C6olLOwylIeJIbrJhuGZKKrEkWqkr_-3GbxBmhNr0J7OEIYYZ4_F44JykNh9bO0I_3ZGkFuQF5E2qQARNIt0GvO67tyT4rBXjylDikhH9TTAiUrRiIrftHyxjqQ01sv6LM5mhHkRZRyYQ?testcase_id=6070247976337408 Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
,
Feb 19 2017
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Feb 19 2017
,
Feb 19 2017
dsinclair: this is a crash in the pdfium code found through fuzzing (XFACodecFuzzer). Could you please help triage? Thanks!
,
Feb 20 2017
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Feb 27 2017
,
Feb 27 2017
XFA is not enabled on any branch of chromium.
,
Feb 28 2017
ClusterFuzz has detected this issue as fixed in range 453290:453318. Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6070247976337408 Fuzzer: libfuzzer_pdf_codec_gif_fuzzer Job Type: libfuzzer_chrome_asan_debug Platform Id: linux Crash Type: Heap-buffer-overflow WRITE 1 Crash Address: 0x62a000005232 Crash State: CGifLZWDecoder::ClearTable CGifLZWDecoder::InitTable gif_load_frame Sanitizer: address (ASAN) Recommended Security Severity: High Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=400732:400874 Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=453290:453318 Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv96NJ60X2f0W8vhOa-fXl0UTcBNc3mQ6HvPy-auH9oyBT4aDUzW9KNX9ZVKxwbvflSJJ9STeIRqONcJxmtv9vLdMb5MeLETpEf6-seIbyEDQzPxLS773qHX2hZSV5z1ErbAG8n3th2Sf50X1mSbKcETQKuiT8-e3FwqyGCueGmlTVvHG_su6XFvOfyARFW5XikrxUkA-A6E2E2Kgy7aFdcULDvPtDJyrEYdbtOg1TgGPnXVntfaw0_LAL1csajvFNPbDVTVvRhs8hzb36C6olLOwylIeJIbrJhuGZKKrEkWqkr_-3GbxBmhNr0J7OEIYYZ4_F44JykNh9bO0I_3ZGkFuQF5E2qQARNIt0GvO67tyT4rBXjylDikhH9TTAiUrRiIrftHyxjqQ01sv6LM5mhHkRZRyYQ?testcase_id=6070247976337408 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Feb 28 2017
ClusterFuzz testcase 6070247976337408 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Mar 1 2017
,
Jun 7 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||
Comment 1 by sheriffbot@chromium.org
, Feb 19 2017