Out-of-memory in pdf_codec_tiff_fuzzer

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6691857099915264
Fuzzer: libfuzzer_pdf_codec_tiff_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux
Crash Type: Out-of-memory (exceeds 2048 MB)
Crash Address:
Crash State: pdf_codec_tiff_fuzzer
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=453639:453667
Reproducer Testcase: https://clusterfuzz.com/download/AMIfv97vPKuhtPi6DHzJeDUQjQUc0zIJCOojp6gEH4ow0B72xrC0DIpLTF2uapxc5HDPmjxWvRK9zOlfl0pPCO947Pnhp2X59PQyoZSbKJULq0l-InILIuLWKK_zX5l8z3lPZgQbCuyd5yE5isp8h5oDnRsMYX-jKapcQahuVpZCWtirWtVBcIDIUhc3qESX-qtAKfjDz-WcIhOy698CzjIWkP09VYb--aTRVQX7jtXlj7ZoIv6qhgB1hLVV7QFMqfG21ka9UQ4utI_RLkmwuh2d7WIWZmT8ZEA0K-nZIvVB05dLHqF65HdOBwWXKkx_9dq1PtD1NpA8IUNUep1zmWFh9VSrjlZjQyittDPEWKppKmiBPjdv-Ug?testcase_id=6691857099915264
Issue filed automatically.
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Apr 1 2017
Could someone please take a look? Thank you.
Apr 1 2017
Apr 3 2017
npm@ can you take a look?
Apr 5 2017
The following revision refers to this bug: https://pdfium.googlesource.com/pdfium/+/3198c681df875f7f268f03040b64343741d4bda1

commit 3198c681df875f7f268f03040b64343741d4bda1
Author: Nicolas Pena <npm@chromium.org>
Date: Wed Apr 05 20:29:31 2017

Libtiff: Prevent OOM in TIFFFillStrip

In TIFFFillStrip, calls to TIFFReadBufferSetup may allocate large amounts of memory. In this CL we do sanity checks on the claimed size of the raw strip data before that happens, to prevent out-of-memory.

Bug: chromium:707431
Change-Id: I4e7c9a8630fad11d4f68a3ceccd71ffa511f4293
Reviewed-on: https://pdfium-review.googlesource.com/3811
Commit-Queue: Nicolás Peña <npm@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>

[add] https://crrev.com/3198c681df875f7f268f03040b64343741d4bda1/third_party/libtiff/0021-oom-TIFFFillStrip.patch
[modify] https://crrev.com/3198c681df875f7f268f03040b64343741d4bda1/third_party/libtiff/tif_read.c
[modify] https://crrev.com/3198c681df875f7f268f03040b64343741d4bda1/third_party/libtiff/README.pdfium
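The commit message above describes the fix only in outline: validate the strip size a TIFF directory claims before TIFFReadBufferSetup allocates a buffer of that size. The example below is an added illustration of that guard, not the pdfium patch and not libtiff code; the function names, the enum, the 64 MiB cap and the in-memory "file" are all assumptions. It shows the two checks a decoder can make with nothing but the container size: a strip cannot extend past the end of the file, and a single buffer should not exceed a fixed cap, so an attacker-chosen byte count is rejected before malloc rather than after the allocator has failed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical cap on one strip buffer; libtiff and pdfium use their own limits. */
#define MAX_STRIP_BYTES (64u * 1024u * 1024u)

/* Outcome of validating a claimed strip size. */
typedef enum {
    STRIP_OK = 0,
    STRIP_ZERO_SIZE,
    STRIP_OFFSET_PAST_EOF,
    STRIP_EXCEEDS_FILE,
    STRIP_EXCEEDS_CAP
} strip_check_t;

/* Validate the byte count a directory entry claims for a strip before
 * any allocation happens. file_size is the real size of the container:
 * a strip cannot legitimately extend past the end of the file, and a
 * single buffer is capped so one crafted entry cannot force a
 * multi-gigabyte malloc. */
strip_check_t check_strip_size(uint64_t offset, uint64_t claimed_bytes,
                               uint64_t file_size)
{
    if (claimed_bytes == 0)
        return STRIP_ZERO_SIZE;
    if (offset >= file_size)
        return STRIP_OFFSET_PAST_EOF;
    /* Subtract rather than add so offset + length cannot wrap around. */
    if (claimed_bytes > file_size - offset)
        return STRIP_EXCEEDS_FILE;
    if (claimed_bytes > MAX_STRIP_BYTES)
        return STRIP_EXCEEDS_CAP;
    return STRIP_OK;
}

/* Copy a strip out of an in-memory file image, allocating only after the
 * claimed size has passed check_strip_size. Returns NULL and sets
 * *out_len to 0 when the header is implausible; the caller treats that
 * as a corrupt file rather than retrying with a smaller buffer. */
uint8_t *read_strip_checked(const uint8_t *file, uint64_t file_size,
                            uint64_t offset, uint64_t claimed_bytes,
                            size_t *out_len)
{
    *out_len = 0;
    if (check_strip_size(offset, claimed_bytes, file_size) != STRIP_OK)
        return NULL;
    uint8_t *buf = malloc((size_t)claimed_bytes);
    if (buf == NULL)
        return NULL;
    memcpy(buf, file + offset, (size_t)claimed_bytes);
    *out_len = (size_t)claimed_bytes;
    return buf;
}

int main(void)
{
    /* Constructed 64-byte "file"; real TIFF directory parsing is out of scope. */
    uint8_t file[64];
    for (size_t i = 0; i < sizeof file; i++)
        file[i] = (uint8_t)i;

    size_t len = 0;
    uint8_t *ok = read_strip_checked(file, sizeof file, 8, 16, &len);
    printf("honest strip: %s, %zu bytes\n", ok ? "allocated" : "rejected", len);
    free(ok);

    /* An entry claiming 4 GiB from a 64-byte file is refused before malloc,
     * which is the class of out-of-memory the report above describes. */
    uint8_t *bad = read_strip_checked(file, sizeof file, 8,
                                      (uint64_t)4 << 30, &len);
    printf("oversized strip: %s\n", bad ? "allocated" : "rejected");
    free(bad);
    return 0;
}
```

The ordering matters: the file-bound check runs before the cap, so the comparison never operates on a size that has already wrapped, and rejection returns a distinct reason so a fuzz harness or log line can tell a truncated file from an absurd header.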
Apr 6 2017
ClusterFuzz has detected this issue as fixed in range 462234:462287.

Detailed report: https://clusterfuzz.com/testcase?key=6691857099915264
Fuzzer: libfuzzer_pdf_codec_tiff_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux
Crash Type: Out-of-memory (exceeds 2048 MB)
Crash Address:
Crash State: pdf_codec_tiff_fuzzer
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=453639:453667
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=462234:462287
Reproducer Testcase: https://clusterfuzz.com/download/AMIfv97vPKuhtPi6DHzJeDUQjQUc0zIJCOojp6gEH4ow0B72xrC0DIpLTF2uapxc5HDPmjxWvRK9zOlfl0pPCO947Pnhp2X59PQyoZSbKJULq0l-InILIuLWKK_zX5l8z3lPZgQbCuyd5yE5isp8h5oDnRsMYX-jKapcQahuVpZCWtirWtVBcIDIUhc3qESX-qtAKfjDz-WcIhOy698CzjIWkP09VYb--aTRVQX7jtXlj7ZoIv6qhgB1hLVV7QFMqfG21ka9UQ4utI_RLkmwuh2d7WIWZmT8ZEA0K-nZIvVB05dLHqF65HdOBwWXKkx_9dq1PtD1NpA8IUNUep1zmWFh9VSrjlZjQyittDPEWKppKmiBPjdv-Ug?testcase_id=6691857099915264
See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Apr 6 2017
ClusterFuzz testcase 6691857099915264 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.