Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5526354776031232

Fuzzer: libfuzzer_pdf_jpx_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: ASSERT
Crash Address:
Crash State:
  b
  libpthread.so.0
  opj_int_ceildiv

Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=455091:455226

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95DxW7cv153BtUdReyBVpd226Lrl6BHWpl012f-H7h7denOsr1NTYafTrpdJ_oEq4xQe5h_eCXZ1_KfW4Yp5bRv2iy59c8ymtqhsqYeDhTZMq6ty0vRblRW1apDdaOolzJwNN5MWVz8kLwQkhbkxvnsiECKohNPA4k7n5FHGFDWGpnMG05_mzN8Ema7qYRvTmgYN9UTRI69f6J8tFOiR3ahHrYpb2UZvOcQb97xzaOItk59hmzuOrnWhjlucFq-dScGZl1p2Iuk_CgpyG9SAyA64HcWozv2GW71I6mieBJIBnnLvjreoblCX4kPT_BxyDbg7YQs5gzj3F_-os2HVcm8hMJ1yEky629Pb6ZsY4ChVIVIAMU?testcase_id=5526354776031232

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
npm@, could you please take a look? Thank you.
The following revision refers to this bug:
https://pdfium.googlesource.com/pdfium/+/9818dc150132ac04148174258423e394eb0948b9

commit 9818dc150132ac04148174258423e394eb0948b9
Author: Nicolas Pena <npm@chromium.org>
Date: Mon Mar 13 18:05:22 2017

LibopenJPEG: Fix some divisions by 0 in pi.c

The undefined shifts in libopenjpeg are sometimes used as divisors. This CL checks that we are not trying to divide by 0 or mod by 0 in some places in pi.c.

BUG= chromium:699491
Change-Id: Iaf629112437068d6479dbbb52b339bec6edefed0
Reviewed-on: https://pdfium-review.googlesource.com/2962
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>

[add] https://crrev.com/9818dc150132ac04148174258423e394eb0948b9/third_party/libopenjpeg20/0029-avoid-division-by-0.patch
[modify] https://crrev.com/9818dc150132ac04148174258423e394eb0948b9/third_party/libopenjpeg20/pi.c
[modify] https://crrev.com/9818dc150132ac04148174258423e394eb0948b9/third_party/libopenjpeg20/README.pdfium
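Added illustration of the bug class the commit above describes; this is not pdfium's patch or libopenjpeg's code. It places a ceiling division of the shape the crash state points at (opj_int_ceildiv) next to a guarded version that refuses a zero divisor, plus a shift helper that refuses shift counts that would be undefined. `checked_shift1`, `checked_ceildiv` and `precinct_count` are hypothetical names, and `precinct_count` only models the pi.c pattern (a shifted code-stream field used as a divisor); it is not the actual pi.c logic.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Ceiling division of the shape named in the crash state (opj_int_ceildiv),
 * reconstructed for illustration, not copied from libopenjpeg: b == 0 faults. */
static int unguarded_ceildiv(int a, int b) {
    return (a + b - 1) / b;
}

/* Hypothetical helper: 1 << shift only where that is defined for a signed int
 * (0 <= shift < bit width - 1); anything else is reported, not computed. */
static bool checked_shift1(int shift, int *out) {
    const int bits = (int)(sizeof(int) * CHAR_BIT);
    if (shift < 0 || shift >= bits - 1) return false;  /* undefined behaviour */
    *out = 1 << shift;
    return true;
}

/* Hypothetical guarded ceildiv: reject b == 0 instead of dividing, and use a
 * 64-bit intermediate so a + b - 1 cannot overflow. */
static bool checked_ceildiv(int a, int b, int *out) {
    if (b == 0) return false;
    int64_t r = ((int64_t)a + b - 1) / b;
    if (r > INT_MAX || r < INT_MIN) return false;
    *out = (int)r;
    return true;
}

/* Models the pi.c pattern: a code-stream field ppx (attacker controlled) is
 * turned into a divisor via 1 << ppx. Returns -1 instead of crashing when the
 * field is out of range, otherwise ceil(width / 2^ppx). */
static int precinct_count(int width, int ppx) {
    int divisor, count;
    if (!checked_shift1(ppx, &divisor)) return -1;
    if (!checked_ceildiv(width, divisor, &count)) return -1;
    return count;
}

int main(void) {
    printf("unguarded, ppx=4:  %d\n", unguarded_ceildiv(100, 1 << 4));
    printf("guarded,   ppx=4:  %d\n", precinct_count(100, 4));  /* 7  */
    printf("guarded,   ppx=40: %d\n", precinct_count(100, 40)); /* -1 */
    return 0;
}
```

The ASSERT in the report is the unguarded path: with an out-of-range shift the divisor is garbage or zero, and the division has nothing left to check.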
b does not say much
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/a179639e0748a31beeefad1801ab727d7c11fed5

commit a179639e0748a31beeefad1801ab727d7c11fed5
Author: pdfium-deps-roller <pdfium-deps-roller@chromium.org>
Date: Mon Mar 13 21:18:51 2017

Roll src/third_party/pdfium/ 8f03b422e..9818dc150 (3 commits)

https://pdfium.googlesource.com/pdfium.git/+log/8f03b422ed85..9818dc150132

$ git log 8f03b422e..9818dc150 --date=short --no-merges --format='%ad %ae %s'
2017-03-13 npm LibopenJPEG: Fix some divisions by 0 in pi.c
2017-03-13 dsinclair Replace discrete array with a map.
2017-03-13 dsinclair Convert TxtBreak line pieces to a vector.

Created with:
  roll-dep src/third_party/pdfium

BUG= 699491

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, see:
http://www.chromium.org/developers/tree-sheriffs/sheriff-details-chromium#TOC-Failures-due-to-DEPS-rolls

TBR=dsinclair@chromium.org
Review-Url: https://codereview.chromium.org/2751473002
Cr-Commit-Position: refs/heads/master@{#456485}

[modify] https://crrev.com/a179639e0748a31beeefad1801ab727d7c11fed5/DEPS
ClusterFuzz has detected this issue as fixed in range 456451:456495.

Detailed report: https://clusterfuzz.com/testcase?key=5526354776031232

Fuzzer: libfuzzer_pdf_jpx_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: ASSERT
Crash Address:
Crash State:
  b
  opj_int_ceildiv
  opj_pi_next_cprl

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=455091:455226
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=456451:456495

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv96X0KvSkb11tL2qwi1EP9ZXShKgFRxs_-y47soSKlh7wkp9UIIIHHX8p2m2003oQ3enk0nc6Bt0Hr5QpJeg1d5Gbm2o3VDyhoeZeHS42fhvBInV_z41zAFK5Xu_JN0zlf0gxjYB--rhbv28Z6_MBOVDQp2ar30FiR6JmqtO8qdEZizL1QFEChT3YskUwQ2bIpTwkezhygv1sBggNYXY1zzWqtMJ9N6JYwA_5e5smeIKCx2k5eUNIum-5ZP9axXsx6NViThPRlv7E9GPvi8ZbYc41gCdHWhNj8qsYwHLb3NiZqKIeiGjk16XcNlu-PRsE4GExiKauVePoIeq8l29_Re4sBr4wdAK6XSgve022m2Nhj1TuKA?testcase_id=5526354776031232

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Issue 644628 has been merged into this issue.
ClusterFuzz testcase 5700362172628992 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by mummare...@chromium.org, Mar 9 2017
Components: Internals>Plugins>PDF
Labels: Test-Predator-Wrong M-59
Owner: npm@chromium.org
Status: Assigned (was: Untriaged)