
Issue 704835


Issue metadata

Status: Verified
Owner:
Closed: Mar 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug




Direct-leak in CFX_FxgeDevice::Create

Project Member Reported by ClusterFuzz, Mar 24 2017

Issue description

Cc: msrchandra@chromium.org
Labels: M-59 Test-Predator-Wrong-CLs
Owner: npm@chromium.org
Status: Assigned (was: Untriaged)
Predator and CL did not provide any possible suspects.
Using Code Search for the file "cpdf_renderstatus.cpp", assigning to the concerned owner.
Suspecting commit: https://pdfium.googlesource.com/pdfium.git/+/4650ded3dccefca89b4ef4757bae49a21b4a786d

@Nicolás Peña -- Could you please look into the issue, kindly re-assign if this is not related to your changes.
Thank You.

Comment 2 by bugdroid1@chromium.org (Project Member), Mar 24 2017

The following revision refers to this bug:
  https://pdfium.googlesource.com/pdfium/+/73b607fcb5f904893a0610b2c7fb8726d09379e6

commit 73b607fcb5f904893a0610b2c7fb8726d09379e6
Author: Nicolas Pena <npm@chromium.org>
Date: Fri Mar 24 16:45:25 2017

Fix CFX_FxgeDevice constructor and destructor in Skia

Attach and Create methods may be called without _SKIA_SUPPORT_, so the bitmap
ownership code can't be ifdef'd to _SKIA_SUPPORT_.

Bug: chromium:704835 

Change-Id: If6a7da508156ca3c45898bf101d84dd8295e479f
Reviewed-on: https://pdfium-review.googlesource.com/3210
Reviewed-by: Cary Clark <caryclark@google.com>
Commit-Queue: Nicolás Peña <npm@chromium.org>

[modify] https://crrev.com/73b607fcb5f904893a0610b2c7fb8726d09379e6/core/fxge/skia/fx_skia_device.cpp
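The commit message above describes the root cause of the Direct-leak: the bitmap ownership flag and the cleanup that depends on it were compiled only under _SKIA_SUPPORT_, while Create (which allocates a bitmap the device owns) and Attach (which borrows a caller-owned one) run in every build. The following C++ is an added example and is not pdfium's code from this change; it models that shape with a constructed Bitmap class that counts live instances, so the leak LeakSanitizer reported becomes observable as a live-object count. LeakyDevice, FixedDevice, Bitmap::live, GetBitmap and the Leaked* helpers are all hypothetical names chosen for the illustration; only the _SKIA_SUPPORT_ macro and the Create/Attach method names come from the page.

```cpp
// Added example, not pdfium code: models the leak described in the commit
// message. Compile without -D_SKIA_SUPPORT_ to see the non-Skia build, which
// is the configuration the fuzzer ran.
#include <cstdio>

// Constructed stand-in for a bitmap; counts live instances so a leak is visible.
struct Bitmap {
    static int live;            // number of Bitmap objects currently alive
    int width, height;
    Bitmap(int w, int h) : width(w), height(h) { ++live; }
    ~Bitmap() { --live; }
};
int Bitmap::live = 0;

// Buggy shape: Create() allocates in every build, but the ownership flag and
// the destructor's cleanup exist only when _SKIA_SUPPORT_ is defined.
class LeakyDevice {
public:
    bool Create(int w, int h) {
        m_pBitmap = new Bitmap(w, h);
#ifdef _SKIA_SUPPORT_
        m_bOwnedBitmap = true;
#endif
        return m_pBitmap != nullptr;
    }
    void Attach(Bitmap* pBitmap) {   // caller keeps ownership
        m_pBitmap = pBitmap;
#ifdef _SKIA_SUPPORT_
        m_bOwnedBitmap = false;
#endif
    }
    Bitmap* GetBitmap() const { return m_pBitmap; }
    ~LeakyDevice() {
#ifdef _SKIA_SUPPORT_
        if (m_bOwnedBitmap) delete m_pBitmap;
#endif                                // non-Skia build: destructor is empty
    }
private:
    Bitmap* m_pBitmap = nullptr;
#ifdef _SKIA_SUPPORT_
    bool m_bOwnedBitmap = false;
#endif
};

// Fixed shape: ownership tracking is unconditional, matching where Create()
// and Attach() are actually called from.
class FixedDevice {
public:
    bool Create(int w, int h) {
        m_pBitmap = new Bitmap(w, h);
        m_bOwnedBitmap = true;        // device owns what it created
        return m_pBitmap != nullptr;
    }
    void Attach(Bitmap* pBitmap) {
        m_pBitmap = pBitmap;
        m_bOwnedBitmap = false;       // borrowed: never delete it
    }
    ~FixedDevice() {
        if (m_bOwnedBitmap) delete m_pBitmap;
    }
private:
    Bitmap* m_pBitmap = nullptr;
    bool m_bOwnedBitmap = false;
};

// Number of bitmaps still alive after a LeakyDevice that called Create() dies.
int LeakedAfterLeakyCreate() {
    int before = Bitmap::live;
    Bitmap* handle = nullptr;
    {
        LeakyDevice dev;
        dev.Create(4, 4);
        handle = dev.GetBitmap();     // kept only so the demo can free it below
    }
    int leaked = Bitmap::live - before;   // 1 in a non-Skia build
    if (leaked > 0) delete handle;    // the device never would; freed so the demo exits clean
    return leaked;
}

// Same measurement for the fixed device: expected 0.
int LeakedAfterFixedCreate() {
    int before = Bitmap::live;
    { FixedDevice dev; dev.Create(4, 4); }
    return Bitmap::live - before;
}

// Attach must neither leak nor delete the caller's bitmap: expected 0.
int LeakedAfterFixedAttach() {
    int before = Bitmap::live;
    {
        Bitmap callerOwned(2, 2);     // lives on the caller's stack
        FixedDevice dev;
        dev.Attach(&callerOwned);
    }                                 // dev is destroyed first and must not delete it
    return Bitmap::live - before;
}

int main() {
    std::printf("leaked after LeakyDevice::Create: %d\n", LeakedAfterLeakyCreate());
    std::printf("leaked after FixedDevice::Create: %d\n", LeakedAfterFixedCreate());
    std::printf("leaked after FixedDevice::Attach: %d\n", LeakedAfterFixedAttach());
    return 0;
}
```

Without the demo's own cleanup in LeakedAfterLeakyCreate, the only pointer to the allocation is lost when the device is destroyed, which is exactly what LeakSanitizer classifies as a direct leak at process exit; building with -D_SKIA_SUPPORT_ makes both classes behave identically, which is why the bug only surfaced in the non-Skia fuzzing job.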

Comment 3 by ClusterFuzz (Project Member), Mar 25 2017

ClusterFuzz has detected this issue as fixed in range 459334:459484.

Detailed report: https://clusterfuzz.com/testcase?key=4689431803199488

Fuzzer: libfuzzer_pdfium_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Direct-leak
Crash Address: 
Crash State:
  CFX_FxgeDevice::Create
  CPDF_RenderStatus::LoadSMask
  CPDF_RenderStatus::ProcessTransparency
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=458783:458809
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=459334:459484

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv95ms7EHvGtURAn8WOG1IkNrawCFGQFgsVTsTTpztBgsiI3kYKnUmXo8d4h88_-vfjsUgnrpUqa4snblWD7rp-sNnKfkKbHcavzMf62q2Ki6oAiQfXnRbYHNj8VC1b91SoDlPnyUXiwU9D8PkovcAKQ-akWpnGHtIqOZi_q3eLHpIPgEonFPN--lGYP4KFliEj0oIf9-vAfteD5xWmQfpnvLD18ihUc5e8xj4tIv6NQI7wPlUurJLtjVijpmlqJSPs9j23Q3qqA9D4ednlTszoJspcz0lPif6WtoX8kMTIEnXHwCLdBkiOputAGLL7LugNYEA3wCaLBndIseK3RvyIDmJnRa1T5-XMz0ISYPbAIN3KRn4Ylj32NIhDJmh-qHy1sfJGrucWPgr-Q7LC5Ctl18_9ruuQ?testcase_id=4689431803199488


See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Comment 4 by ClusterFuzz (Project Member), Mar 25 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 4689431803199488 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Components: Internals>Plugins>PDF
