Detailed report: https://clusterfuzz.com/testcase?key=6372362326114304
Fuzzer: libfuzzer_pdfium_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux
Crash Type: ASSERT
Crash Address:
Crash State:
  is_page_valid
  CPDF_DataAvail::GetPage
  CPDF_DataAvail::IsPageAvail
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=431173:431198
Reproducer Testcase: https://clusterfuzz.com/download/AMIfv958eq3gZ5i_ipOEeDjxvSPsic-ANN-Tr2T4bwaYunFLAc4q6CG7j8kOkpH095Zb-GygKkShkrEPu9xVGbbJTwGXoPgsNXZnXiCQkjQBPvTsSRtsrnUzV7sAPyiC5HUDAQVfou4OdMeOj0sUJ58J_OYZv42_wCKLrK_mIQCJ8cHYFZPxziQzMcC2v2MJzO4_NrxyX35W__8uzPaM50D4zN6kAOabraPtMXe6-J9oHnA3r-tjnw1i8Xzy6MJ82PNfA-ZK1xONmBdhhHA9aP_H8qvobr4J5-yNGtyMKiOMn3B1MBqDb-wzG5oId5YAY2dge-4qxULOjqMClRb9f9ju5S5WnOA46S-g1DjpclFztCYR3Os__3B2n3THt3fbRsL5xScTUNPyjOT6qKMjKIWwY9lChfT_bQ?testcase_id=6372362326114304
Issue filed automatically.
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
The following revision refers to this bug:
https://pdfium.googlesource.com/pdfium/+/29041010864c5d9b454ed3739873b2dcccc42767

commit 29041010864c5d9b454ed3739873b2dcccc42767
Author: Nicolas Pena <npm@chromium.org>
Date: Wed Mar 22 17:58:14 2017

Fix ASSERT in CPDF_Data_Avail

If ParseIndirectObjectAt fails, the replaced object will be null. So we can't ASSERT the output of ValidatePage.
CL introducing the ASSERT: https://codereview.chromium.org/2483633002/

BUG= chromium:702897

Change-Id: Ib6e8c0bccaf2c05893f0abef27d431e112064865
Reviewed-on: https://pdfium-review.googlesource.com/3146
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>

[modify] https://crrev.com/29041010864c5d9b454ed3739873b2dcccc42767/core/fpdfapi/parser/cpdf_data_avail.cpp
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/6bd6316584bd2a17476cb3ff7a84b538ee15b204

commit 6bd6316584bd2a17476cb3ff7a84b538ee15b204
Author: pdfium-deps-roller <pdfium-deps-roller@chromium.org>
Date: Wed Mar 22 20:28:51 2017

Roll src/third_party/pdfium/ 5bcd9a322..290410108 (1 commit)

https://pdfium.googlesource.com/pdfium.git/+log/5bcd9a32232e..29041010864c

$ git log 5bcd9a322..290410108 --date=short --no-merges --format='%ad %ae %s'
2017-03-22 npm Fix ASSERT in CPDF_Data_Avail

Created with:
  roll-dep src/third_party/pdfium

BUG= 702897

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, see:
http://www.chromium.org/developers/tree-sheriffs/sheriff-details-chromium#TOC-Failures-due-to-DEPS-rolls

TBR=dsinclair@chromium.org

Review-Url: https://codereview.chromium.org/2764373003
Cr-Commit-Position: refs/heads/master@{#458861}

[modify] https://crrev.com/6bd6316584bd2a17476cb3ff7a84b538ee15b204/DEPS
ClusterFuzz has detected this issue as fixed in range 458846:458883.

Detailed report: https://clusterfuzz.com/testcase?key=6372362326114304
Fuzzer: libfuzzer_pdfium_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux
Crash Type: ASSERT
Crash Address:
Crash State:
  is_page_valid
  CPDF_DataAvail::GetPage
  CPDF_DataAvail::IsPageAvail
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=431173:431198
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=458846:458883
Reproducer Testcase: https://clusterfuzz.com/download/AMIfv958eq3gZ5i_ipOEeDjxvSPsic-ANN-Tr2T4bwaYunFLAc4q6CG7j8kOkpH095Zb-GygKkShkrEPu9xVGbbJTwGXoPgsNXZnXiCQkjQBPvTsSRtsrnUzV7sAPyiC5HUDAQVfou4OdMeOj0sUJ58J_OYZv42_wCKLrK_mIQCJ8cHYFZPxziQzMcC2v2MJzO4_NrxyX35W__8uzPaM50D4zN6kAOabraPtMXe6-J9oHnA3r-tjnw1i8Xzy6MJ82PNfA-ZK1xONmBdhhHA9aP_H8qvobr4J5-yNGtyMKiOMn3B1MBqDb-wzG5oId5YAY2dge-4qxULOjqMClRb9f9ju5S5WnOA46S-g1DjpclFztCYR3Os__3B2n3THt3fbRsL5xScTUNPyjOT6qKMjKIWwY9lChfT_bQ?testcase_id=6372362326114304
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
ClusterFuzz testcase 6372362326114304 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by kcc@chromium.org, Mar 21 2017
Components: Internals>Plugins>PDF
Owner: npm@chromium.org