Issue metadata
Sign in to add a comment
|
Stack-use-after-return in CFX_Font::GetFace |
||||||||||||||||||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=4580615686193152 Fuzzer: libfuzzer_pdfium_xfa_fuzzer Job Type: libfuzzer_chrome_asan Platform Id: linux Crash Type: Stack-use-after-return READ 8 Crash Address: 0x7f6cd113ea70 Crash State: CFX_Font::GetFace SkiaState::FlushText SkiaState::Flush Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=459132:459191 Reproducer Testcase: https://clusterfuzz.com/download/AMIfv94BSM0TX54Bb5fE5GH8PTKEJHqLEGseJ5eriUOdVsu72lSfErBc9MPZ3KQLi-4gIi8MRVNWDGU2chouQipNSnb8gyYNp5VjdxOcf5yrp1A9m5qQeorKFXR-LksTK0CS8QkV9BPwth0bdXyl8wlS3HTUsftVQtXt2tushOGoTgnmto5a6FvxHTstrsSWJ8BgridTvykD_UQbQFyOhcCFu0hbatywiDbn3acxACVyXow6qk7kLij-zDVIcQF3ZY5nKj8dVwwR5wFhKTQ8b6NLB4zeC9M5VJ-im_HXnulDAM7zFFeY6_k36ZqDZK7adVQGO4R5GP6oxFYG_teRsrhuXnqdP3qvuaTaocgUFa6ntBkGkkmu6kiP1csw1E6nbIGVX4ONgy1lhk_LCgDSEXenOvnO00-L4g?testcase_id=4580615686193152 Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
,
Mar 25 2017
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Mar 25 2017
,
Mar 25 2017
dsinclair@, is it possible this is related to your change https://pdfium-review.googlesource.com/c/3159/? Feel free to re-assign.
,
Mar 26 2017
,
Mar 27 2017
This is XFA, which is not enabled on any branch of chromium.
,
Mar 28 2017
,
Mar 29 2017
ClusterFuzz has detected this issue as fixed in range 460158:460200. Detailed report: https://clusterfuzz.com/testcase?key=4580615686193152 Fuzzer: libfuzzer_pdfium_xfa_fuzzer Job Type: libfuzzer_chrome_asan Platform Id: linux Crash Type: Stack-use-after-return READ 8 Crash Address: 0x7f6cd113ea70 Crash State: CFX_Font::GetFace SkiaState::FlushText SkiaState::Flush Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=459132:459191 Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=460158:460200 Reproducer Testcase: https://clusterfuzz.com/download/AMIfv94BSM0TX54Bb5fE5GH8PTKEJHqLEGseJ5eriUOdVsu72lSfErBc9MPZ3KQLi-4gIi8MRVNWDGU2chouQipNSnb8gyYNp5VjdxOcf5yrp1A9m5qQeorKFXR-LksTK0CS8QkV9BPwth0bdXyl8wlS3HTUsftVQtXt2tushOGoTgnmto5a6FvxHTstrsSWJ8BgridTvykD_UQbQFyOhcCFu0hbatywiDbn3acxACVyXow6qk7kLij-zDVIcQF3ZY5nKj8dVwwR5wFhKTQ8b6NLB4zeC9M5VJ-im_HXnulDAM7zFFeY6_k36ZqDZK7adVQGO4R5GP6oxFYG_teRsrhuXnqdP3qvuaTaocgUFa6ntBkGkkmu6kiP1csw1E6nbIGVX4ONgy1lhk_LCgDSEXenOvnO00-L4g?testcase_id=4580615686193152 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Mar 29 2017
ClusterFuzz testcase 4580615686193152 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Mar 29 2017
The code was disabled, but the issue still exists if skia paths is enabled again.
,
Apr 12 2017
,
Apr 17 2017
,
Apr 17 2017
,
Jul 24 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Sep 18 2017
We have made a bunch of changes on ClusterFuzz side, so resetting ClusterFuzz-Wrong label. |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by sheriffbot@chromium.org
, Mar 25 2017