New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 705821 link

Starred by 1 user
Status: Fixed
Owner:
caryclark@google.com
Last visit > 30 days ago
Closed: Apr 2017
Cc:
ifratric@google.com
dsinclair@chromium.org
caryclark@google.com
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug-Security

Blocking:
issue pdfium:11



Sign in to add a comment

Use-of-uninitialized-value in SkPath::operator=

Project Member Reported by ClusterFuzz, Mar 28 2017
Project Member

Comment 1 by sheriffbot@chromium.org, Mar 28 2017

Labels: Pri-2

Comment 2 by ta...@google.com, Mar 29 2017

Components: Internals>Skia>PDF
Owner: caryclark@chromium.org
Status: Assigned (was: Untriaged)
caryclark@, I wonder if you can take a look at this bug. Your recent change seems related.

https://cs.chromium.org/chromium/src/third_party/pdfium/core/fxge/skia/fx_skia_device.cpp?sq=package:chromium&type=cs&l=1378 from https://pdfium.googlesource.com/pdfium.git/+/f4a9f83b38a0a45cda3205ad50747e6a7719f8ab%5E%21/#F0
Project Member

Comment 3 by ClusterFuzz, Mar 29 2017 

ClusterFuzz has detected this issue as fixed in range 460139:460163.

Detailed report: https://clusterfuzz.com/testcase?key=4817967658565632

Fuzzer: ifratric_pdf_generic
Job Type: linux_msan_pdfium
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address: 
Crash State:
  SkPath::operator=
  SkiaState::ClipSave
  CFX_SkiaDeviceDriver::RestoreState
  
Sanitizer: memory (MSAN)

Recommended Security Severity: Low

Regressed: https://clusterfuzz.com/revisions?job=linux_msan_pdfium&range=459789:459833
Fixed: https://clusterfuzz.com/revisions?job=linux_msan_pdfium&range=460139:460163

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv96OSqPBKOT-Fi2lvtYQRyqqrSN65bfWwsb2fMGwvf41cohEA1X6yh3iY5LrXKVtlD2lOR_PtnKEbNMKFlPHxR6om_p7SS12uRkHhCEI-ufn2zV0kU9A1m7S9HMt7ZtGeb-KNED0JJODx-kxn3U8AIwz-nEwXG66n4hk8uKp1WpXEj4yJsRApJE8YlHAft2w3L2U7TDz8f8DbDuB6df3Xq_J06GWAJInrQgKZZ6GWkaADL-RWoI5kjTFg9UvA5xJS2ONG1deQDQkDxvdpmyIhSzWc51Cz_yRi5oKCysxwxK-QhU2gXCP9q_NKD9_olW-jPnnJeIXc2O-FrhEuUUyws68483meEDy9UD9QiXNkyMd8tB5mbyQY6wGoMg2yiNu949KXnu7e2OPNuUkQusIvg6mx3OKVQ?testcase_id=4817967658565632


Additional requirements: Requires Gestures

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 4 by ClusterFuzz, Mar 29 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 4817967658565632 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Comment 5 by caryclark@chromium.org, Mar 29 2017

Blocking: pdfium:11
Cc: dsinclair@chromium.org
Owner: caryclark@google.com
Project Member

Comment 6 by sheriffbot@chromium.org, Mar 29 2017

Labels: -Restrict-View-SecurityTeam Restrict-View-SecurityNotify

Comment 7 by dsinclair@chromium.org, Apr 10 2017

Labels: ClusterFuzz-Wrong
Status: Assigned (was: Verified)

Comment 8 by caryclark@google.com, Apr 12 2017

Cc: caryclark@google.com
 Issue 705738  has been merged into this issue.

Comment 9 by caryclark@google.com, Apr 12 2017 

fixed in https://pdfium-review.googlesource.com/c/4090/ (mistyped bug # in CL)

Comment 10 by caryclark@google.com, Apr 17 2017

Status: Fixed (was: Assigned)
Project Member

Comment 11 by sheriffbot@chromium.org, Jul 24 2017

Labels: -Restrict-View-SecurityNotify allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 12 by infe...@chromium.org, Sep 18 2017

Labels: -ClusterFuzz-Wrong
We have made a bunch of changes on ClusterFuzz side, so resetting ClusterFuzz-Wrong label.

Sign in to add a comment