Heap-buffer-overflow in GetWord_LSBFirst
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5756780576768000
Fuzzer: libfuzzer_pdf_codec_bmp_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux
Crash Type: Heap-buffer-overflow READ 1
Crash Address: 0x60a00000045d
Crash State:
  GetWord_LSBFirst
  bmp_read_header
  CCodec_BmpModule::ReadHeader
Sanitizer: address (ASAN)
Recommended Security Severity: Medium
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=398366:399171
Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95BCO8dKx0V_oQlhScbp7_dGTv1Bhc4Yz8XJUlFAMyYOTg5zzgodUoYZ0BrbWbK9m8Z4AKTYuYB8sGlgDYjWiM2K6wmEuBfGDx20I5sDuu0pO4jaHH8vFw0E_I_Y0ScUqsHIpCCA37RRb4S5zKAjZzUqst1G-XHb7Wpcy27oTCOQZem4fWMlckdmRGudsp8FbuTCMM9PqHHmcXolZIAw5aWmmxk2dYGr9VoPoMLnfVfV1n2Mk-ycGOc6p5YCnCJ0fPZFPjHPPv62lncv34nEuKCtsm4zX7iVGPQ_VGHsd9ADcDt5WvhBCUAtbw4emdqfFyd8Dk8oCDfRhWaldXc0covVmnyyU7Klg_Tb7It_6nFbbPrujc?testcase_id=5756780576768000

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Mar 1 2017
XFA is not enabled in any branch of Chrome.
Mar 22 2017

Jul 30 2017

Detailed report: https://clusterfuzz.com/testcase?key=5619551613222912
Fuzzer: pdf_codec_bmp_fuzzer
Job Type: libfuzzer_chrome_asan
Crash Type: Heap-buffer-overflow READ 1
Crash Address: 0x60a0000015dd
Crash State:
  GetWord_LSBFirst
  BMPDecompressor::ReadHeader
  CCodec_BmpModule::ReadHeader
Sanitizer: address (ASAN)
Recommended Security Severity: Medium
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5619551613222912

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Jul 31 2017

Detailed report: https://clusterfuzz.com/testcase?key=5619551613222912
Fuzzer: pdf_codec_bmp_fuzzer
Job Type: libfuzzer_chrome_asan
Crash Type: Heap-buffer-overflow READ 1
Crash Address: 0x60a0000015dd
Crash State:
  GetWord_LSBFirst
  BMPDecompressor::ReadHeader
  CCodec_BmpModule::ReadHeader
Sanitizer: address (ASAN)
Recommended Security Severity: Medium
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=398287:399171
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5619551613222912

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Sep 19 2017

Sep 30 2017

We're going to temporarily disable this fuzz target on ClusterFuzz side, as it is wasting CPU cycles due to frequent crashing. We might not have crash stats from CF after that, but the target will stay in the repository and available for local reproducing and testing bug fixes.

https://chromium-review.googlesource.com/c/chromium/src/+/692525
Oct 1 2017

Automatically applying components based on information from OWNERS files. If this seems incorrect, please apply the Test-Predator-Wrong-Components label.
Oct 5 2017

No longer reproduces on HEAD. Related code replaced as part of a bug fix in https://pdfium-review.googlesource.com/c/pdfium/+/15210
Oct 6 2017

Oct 7 2017

ClusterFuzz has detected this issue as fixed in range 506787:506835.

Detailed report: https://clusterfuzz.com/testcase?key=5619551613222912
Fuzzer: pdf_codec_bmp_fuzzer
Job Type: libfuzzer_chrome_asan
Crash Type: Heap-buffer-overflow READ 1
Crash Address: 0x60a0000015dd
Crash State:
  GetWord_LSBFirst
  BMPDecompressor::ReadHeader
  CCodec_BmpModule::ReadHeader
Sanitizer: address (ASAN)
Recommended Security Severity: Medium
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=398287:399171
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=506787:506835
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5619551613222912

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Oct 7 2017

ClusterFuzz testcase 5619551613222912 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Oct 18 2017

Oct 18 2017

Thanks for fixing! I guess we can enable the fuzzer by doing a revert (or partial revert?) of https://chromium-review.googlesource.com/c/chromium/src/+/692525 ?
Oct 23 2017

The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/f5d9849db58316149f40bdf9c36d040110d5f991

commit f5d9849db58316149f40bdf9c36d040110d5f991
Author: Ryan Harrison <rharrison@chromium.org>
Date: Mon Oct 23 20:51:39 2017

Re-enable pdf_codec_bmp_fuzzer

The bug that it was disabled for has been resolved.

BUG= chromium:697451
Change-Id: Id944cf685fc2e3078aa828b31789a25f1b1f1719
Reviewed-on: https://chromium-review.googlesource.com/733787
Reviewed-by: Max Moroz <mmoroz@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Cr-Commit-Position: refs/heads/master@{#510909}

[modify] https://crrev.com/f5d9849db58316149f40bdf9c36d040110d5f991/pdf/pdfium/fuzzers/BUILD.gn
Nov 7 2017

Jan 12 2018

This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage

- Your friendly Sheriffbot
Comment 1 by vakh@chromium.org, Mar 1 2017
Components: Internals>Plugins>PDF
Owner: dsinclair@chromium.org
Status: Assigned (was: Untriaged)