Undefined-shift in opj_j2k_read_siz
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6265587467812864

Fuzzer: libfuzzer_pdf_jpx_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Undefined-shift
Crash Address:
Crash State:
  opj_j2k_read_siz
  opj_j2k_read_header_procedure
  opj_j2k_exec

Sanitizer: undefined (UBSAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=395640:395746

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97iF_MeN2gr-M0uFQAfXJk1r-lZM1npEQaKsexxA7pD00N16u_u8t3q3JGimHRf8HBGxpo4fA7COGCg_60zNFG0AbXVRHkoEPFFKQH4BYgelkRygymA9AHMYZLpeW1oPBg2kt7Tbnt1ZB5Vv1rNgc2IOW01IvRjc0NU0Oi3u5qY6N7xwF6ujlQtgYaN2SDtwDBOVNM5_fXZJzDgtoFjZIsYtiGMspF_pv55WojmEQE6vhIqLa7ehUAgQiSR16zgzH6xbmuin8j4OScLRUxtsNO7LAESsaGGSinuDe6WMMQ-Lbz7jVzKfP8xobAM12CKvQ5GkQylzjbJptffeUM3RoThoZ_ou9yRY0UOxlfnxKAefQgY48I?testcase_id=6265587467812864

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Mar 6 2017
Mar 7 2017
Issue 603544 has been merged into this issue.
Mar 7 2017
I'll assign it to myself. I'd rather this just be fixed by an upstream patch, but for that I'll need to do that upstream patch myself.
Mar 7 2017
Submitted issue upstream: https://github.com/uclouvain/openjpeg/issues/902
May 9 2017
The following revision refers to this bug: https://pdfium.googlesource.com/pdfium/+/fe5c7c28c2f048eda4aa58cb8932d0d6f3f98114

commit fe5c7c28c2f048eda4aa58cb8932d0d6f3f98114
Author: Nicolas Pena <npm@chromium.org>
Date: Tue May 09 19:46:29 2017

LibOpenJPEG: restrict l_img_comp->prec to avoid undefined shift

The 38 value seems arbitrary, and the prec is used in OPJ_INT32 with 1 << (prec - 1). So limit it to be at most 31, and avoid undefined shifts.

Bug: chromium:698498
Change-Id: I840f2e65231ac7847ed26bcaea36471a53be49e8
Reviewed-on: https://pdfium-review.googlesource.com/5173
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>

[modify] https://crrev.com/fe5c7c28c2f048eda4aa58cb8932d0d6f3f98114/third_party/libopenjpeg20/j2k.c
[add] https://crrev.com/fe5c7c28c2f048eda4aa58cb8932d0d6f3f98114/third_party/libopenjpeg20/0032-undefined-shift-opj_j2k_read_siz.patch
[modify] https://crrev.com/fe5c7c28c2f048eda4aa58cb8932d0d6f3f98114/third_party/libopenjpeg20/README.pdfium
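As an added illustration of the check the commit describes (not OpenJPEG's code nor the patch itself): decode the per-component precision from the SIZ marker and refuse to evaluate 1 << (prec - 1) in a 32-bit signed integer once prec exceeds 31. The Ssiz byte layout, the struct and the function names are assumptions made for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Largest precision accepted before computing 1 << (prec - 1) in a 32-bit
 * signed integer; 31 is the bound the commit message settles on. */
#define MAX_SAFE_PREC 31u

/* Fields decoded from one Ssiz byte of the SIZ marker segment. The layout
 * (bit 7 = signedness, bits 0..6 = precision - 1) follows JPEG 2000; the
 * struct and function names here are assumptions, not OpenJPEG's code. */
typedef struct {
    uint32_t prec;
    uint32_t sgnd;
} comp_info;

/* Decode one Ssiz byte; false means the precision is too large to be used
 * as a shift amount, which is the case the fix rejects. */
static bool parse_ssiz(uint8_t ssiz, comp_info *out)
{
    out->prec = (uint32_t)(ssiz & 0x7f) + 1u;  /* encoded range is 1..128 */
    out->sgnd = (uint32_t)(ssiz >> 7);
    return out->prec <= MAX_SAFE_PREC;
}

/* The shift the sanitizer flagged, with the range check in front of it:
 * with prec <= 31 the shift amount is at most 30, so the result fits int32_t. */
static bool dc_level_shift(uint32_t prec, int32_t *out)
{
    if (prec == 0 || prec > MAX_SAFE_PREC)
        return false;
    *out = (int32_t)1 << (prec - 1);
    return true;
}

/* Decode n Ssiz bytes into out[], stopping at the first rejected one.
 * Returns how many components were accepted. */
static size_t parse_components(const uint8_t *ssiz, size_t n, comp_info *out)
{
    size_t i;
    for (i = 0; i < n; i++)
        if (!parse_ssiz(ssiz[i], &out[i]))
            break;
    return i;
}

/* Constructed sample: 8-bit unsigned (0x07), 12-bit signed (0x8b) and a
 * 38-bit component (0x25), the old upper bound the commit calls arbitrary. */
static const uint8_t sample_ssiz[3] = { 0x07, 0x8b, 0x25 };
```

On the constructed sample, parse_components accepts the first two components and stops at the 38-bit one, so the shift is never evaluated for it.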
May 10 2017
ClusterFuzz has detected this issue as fixed in range 470448:470475.

Detailed report: https://clusterfuzz.com/testcase?key=6265587467812864

Fuzzer: libfuzzer_pdf_jpx_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Undefined-shift
Crash Address:
Crash State:
  opj_j2k_read_siz
  opj_j2k_read_header_procedure
  opj_j2k_exec

Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=395640:395746
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=470448:470475

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6265587467812864

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
May 11 2017
May 15 2017
Comment 1 Deleted