Undefined-shift in opj_t1_dec_clnpass
Issue description
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5830754912436224
Fuzzer: libfuzzer_pdf_jpx_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Undefined-shift
Crash Address:
Crash State:
  opj_t1_dec_clnpass
  opj_t1_decode_cblk
  opj_t1_decode_cblks
Sanitizer: undefined (UBSAN)
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=395640:395746
Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95qHUMTL_J7N9cGcxCNV0hLR714BiLW2xChJ7HxZjCT46spqSUZ6wc4VgwgMyDVjpP--FAy1S6ybuHml7jPlskJW_87QZggWSnK0c4OwhteW5jggCRmui6RzaJkueqWJWankbYG_pjb07F8odg5QE6e0ArNfjen0rnrR1PqRSN1tOA3mR8UnrTMoMn4TDTPzCEz4fobIuE1ZF8Ih709nQur6pEkSH3DLqCljzsagqicHnv_OhlMvAp0rEphxSxUl1ckW49tPbiFXHbsAfLUXpPfOCJ82s7LTDuEiWydHbFvG3WuinJ7EHox08nsBMQjvu-Kti1cts2cy9MgLk3YdoBrXw1ZOyoZ0n9V-rD7bbEzaryv0YE?testcase_id=5830754912436224
Issue filed automatically.
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Mar 7 2017
Issue 694042 has been merged into this issue.
Mar 7 2017
Filed upstream bug: https://github.com/uclouvain/openjpeg/issues/903
May 11 2017
The following revision refers to this bug: https://pdfium.googlesource.com/pdfium/+/2a2ee0f1ca747929acaf1b4f2eadbf7c8e8025e6

commit 2a2ee0f1ca747929acaf1b4f2eadbf7c8e8025e6
Author: Nicolas Pena <npm@chromium.org>
Date: Thu May 11 16:09:22 2017

LibOpenJPEG: undefined shift in opj_t1_dec_clnpass

bpno_plus_one is used as a parameter bpno for a bunch of methods that calculate 1 << bpno. Thus, use a reduced value when it's large enough to cause undefined shift. bpno_plus_one itself remains unchanged so that the number of calls remains the same.

Bug: chromium:698526
Change-Id: I40431d41a04f3e2315bd3c80114cd0fcbd2815b4
Reviewed-on: https://pdfium-review.googlesource.com/5310
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>

[add] https://crrev.com/2a2ee0f1ca747929acaf1b4f2eadbf7c8e8025e6/third_party/libopenjpeg20/0033-undefined-shift-opj_t1_dec_clnpass.patch
[modify] https://crrev.com/2a2ee0f1ca747929acaf1b4f2eadbf7c8e8025e6/third_party/libopenjpeg20/README.pdfium
[modify] https://crrev.com/2a2ee0f1ca747929acaf1b4f2eadbf7c8e8025e6/third_party/libopenjpeg20/t1.c
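The fix the commit message describes, as an added C illustration (constructed code, not the PDFium patch or OpenJPEG's t1.c): the cleanup-pass helpers derive one = 1 << bpno and half = one >> 1 from the bit-plane number they are handed, and the fuzzer drove that number high enough that the shift is undefined for a 32-bit signed int. The guard below leaves the caller's bpno_plus_one untouched and only reduces the value used for shifting; T1_MAX_SAFE_SHIFT, t1_plane_constants, t1_plane_constants_for and t1_count_clamped_planes are assumed names, and the clamp-to-30 policy is a constructed choice.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Largest n for which (int32_t)1 << n is defined; shifting a 1 into the sign
 * bit (bit 31) of a signed int is undefined. Constructed name, not OpenJPEG's. */
#define T1_MAX_SAFE_SHIFT 30
typedef struct {
    int32_t one;         /* 1 << bpno */
    int32_t half;        /* one >> 1 */
    int32_t oneplushalf; /* one | half */
    int     clamped;     /* 1 if bpno had to be reduced before shifting */
} t1_plane_constants;
/* Non-zero when 1 << bpno would be undefined for a 32-bit signed int. */
int t1_shift_is_undefined(int32_t bpno) {
    return bpno < 0 || bpno > T1_MAX_SAFE_SHIFT;
}

/* Helper-side computation after the fix: the caller passes bpno_plus_one through
 * unchanged (so the pass count is unchanged); only the value fed to the shifts is
 * reduced when it is out of range. The clamp policy here is constructed. */
t1_plane_constants t1_plane_constants_for(int32_t bpno_plus_one) {
    t1_plane_constants c;
    int32_t bpno = bpno_plus_one; /* the "bpno" the helpers shift by */
    c.clamped = 0;
    if (t1_shift_is_undefined(bpno)) {
        bpno = bpno < 0 ? 0 : T1_MAX_SAFE_SHIFT;
        c.clamped = 1;
    }
    c.one = (int32_t)1 << bpno;
    c.half = c.one >> 1;
    c.oneplushalf = c.one | c.half;
    return c;
}
/* Walk the bit-plane numbers a decoder would hand to the cleanup pass: every
 * plane is still processed; the number that needed clamping is returned. */
size_t t1_count_clamped_planes(const int32_t *planes, size_t n) {
    size_t clamped = 0;
    for (size_t i = 0; i < n; i++)
        clamped += (size_t)t1_plane_constants_for(planes[i]).clamped;
    return clamped;
}

int main(void) { /* constructed input: sane planes, then corrupt-looking ones */
    const int32_t planes[] = { 8, 7, 6, 31, 40 };
    size_t n = sizeof planes / sizeof planes[0];
    printf("%zu of %zu planes clamped\n", t1_count_clamped_planes(planes, n), n);
    return 0;
}
```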
May 12 2017
ClusterFuzz has detected this issue as fixed in range 470999:471049.
Detailed report: https://clusterfuzz.com/testcase?key=5830754912436224
Fuzzer: libfuzzer_pdf_jpx_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux
Crash Type: Undefined-shift
Crash Address:
Crash State:
  opj_t1_dec_clnpass
  opj_t1_decode_cblk
  opj_t1_decode_cblks
Sanitizer: undefined (UBSAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=395640:395746
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=470999:471049
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5830754912436224
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 1 by durga.behera@chromium.org, Mar 6 2017
Status: Duplicate (was: Untriaged)