Detailed report: https://clusterfuzz.com/testcase?key=5736002590343168 Fuzzer: ifratric_pdf_generic Job Type: linux_msan_pdfium Platform Id: linux Crash Type: Sanitizer CHECK failure Crash Address: Crash State: ((IsAligned(reinterpret_cast<uptr>(p), page_size_))) != (0) (0, 0) Sanitizer: memory (MSAN) Regressed: https://clusterfuzz.com/revisions?job=linux_msan_pdfium&range=458746:458879 Reproducer Testcase: https://clusterfuzz.com/download/AMIfv94NuEMD4KNcyPLWo-SSdRlo_ZXluNzP73d04rTSgUyC2h1hjyqdRTYnLKTSeq6MASEJiFQ92h4Z65SgQR3vjd3LWP7LjNUklFazpF_tlRQExyV7NnOZZmu3nZFDeopdxlk0Y-_Ps2nMmDlziy019E1P8FeucV0zf1Ud9SQqWX-OzyJ4171b55IDvHkZYhZDi2cGMvrJzv8qtCqWXHYlIqw1WIV91Bi2fbkES0kFlG0JHRDiDCv_ZuGcuNphnki8TYmYCO37nBOj3AxCykLZqlNl0QTwqGOzjp9dm3-EqGeJcYmF4HMsWH2FKz-AqXyh-F-7zt7Qnos-97KeNqsA8bGCrge93yqyscScQhOpliuHOCkmfr0hwakaZjPjQFS9orz_u6FnWGHzOcN15Kqsfu7CPlM9Jg?testcase_id=5736002590343168 Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
MemorySanitizer: bad pointer 0x20000ffffffff Looks like a bad free().
ClusterFuzz has detected this issue as fixed in range 459058:459061. Detailed report: https://clusterfuzz.com/testcase?key=5736002590343168 Fuzzer: ifratric_pdf_generic Job Type: linux_msan_pdfium Platform Id: linux Crash Type: Sanitizer CHECK failure Crash Address: Crash State: ((IsAligned(reinterpret_cast<uptr>(p), page_size_))) != (0) (0, 0) Sanitizer: memory (MSAN) Regressed: https://clusterfuzz.com/revisions?job=linux_msan_pdfium&range=458746:458879 Fixed: https://clusterfuzz.com/revisions?job=linux_msan_pdfium&range=459058:459061 Reproducer Testcase: https://clusterfuzz.com/download/AMIfv94NuEMD4KNcyPLWo-SSdRlo_ZXluNzP73d04rTSgUyC2h1hjyqdRTYnLKTSeq6MASEJiFQ92h4Z65SgQR3vjd3LWP7LjNUklFazpF_tlRQExyV7NnOZZmu3nZFDeopdxlk0Y-_Ps2nMmDlziy019E1P8FeucV0zf1Ud9SQqWX-OzyJ4171b55IDvHkZYhZDi2cGMvrJzv8qtCqWXHYlIqw1WIV91Bi2fbkES0kFlG0JHRDiDCv_ZuGcuNphnki8TYmYCO37nBOj3AxCykLZqlNl0QTwqGOzjp9dm3-EqGeJcYmF4HMsWH2FKz-AqXyh-F-7zt7Qnos-97KeNqsA8bGCrge93yqyscScQhOpliuHOCkmfr0hwakaZjPjQFS9orz_u6FnWGHzOcN15Kqsfu7CPlM9Jg?testcase_id=5736002590343168 See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
ClusterFuzz testcase 5736002590343168 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by euge...@chromium.org
, Mar 23 2017