New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 708439 link

Starred by 1 user
Status: Verified
Owner:
dsinclair@chromium.org
Closed: Apr 2017
Cc:
msrchandra@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug



Sign in to add a comment

Undefined-shift in CJBig2_HuffmanTable::ParseFromCodedBuffer

Project Member Reported by ClusterFuzz, Apr 5 2017

Comment 1 by msrchandra@chromium.org, Apr 5 2017

Cc: msrchandra@chromium.org
Labels: Test-Predator-Correct-CLs M-59
Owner: dsinclair@chromium.org
Status: Assigned (was: Untriaged)
Assigning to the concern owner from Predator results --
The result is a list of CLs that change the crashed files. 

Author: Dan Sinclair
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/0bb1333a9eff1190ddd68f34c71d6a779c69dfef
Time: Thu Mar 30 16:12:02 2017 -0400
Lines 1232 of file JBig2_Context.cpp which potentially caused crash are changed in this cl (frame #3, "CJBig2_Context::parseTable").
Minimum distance from crash line to modified line: 0. (file: JBig2_Context.cpp, crashed on: 1232, modified: 1232).

@dsinclair -- Could you please take a look into the issue, kindly re-assign if this is not related to your changes.
Thank You.

Comment 2 by dsinclair@chromium.org, Apr 10 2017

Status: Started (was: Assigned)
https://pdfium-review.googlesource.com/c/3991/
Project Member

Comment 3 by ClusterFuzz, Apr 12 2017 

ClusterFuzz has detected this issue as fixed in range 463671:463725.

Detailed report: https://clusterfuzz.com/testcase?key=6218141207363584

Fuzzer: libfuzzer_pdf_codec_jbig2_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Undefined-shift
Crash Address: 
Crash State:
  CJBig2_HuffmanTable::ParseFromCodedBuffer
  CJBig2_HuffmanTable::CJBig2_HuffmanTable
  pdfium::internal::MakeUniqueResult<CJBig2_HuffmanTable>::Scalar pdfium::MakeUniq
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=460714:460934
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=463671:463725

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv94ssqJva6H6TAJaav0ioVvQ1dLWW3a5-hE-IZ7du_DZiIsnt3_oHfaWTzsQi2CKRPGcZp3K7Fy6JbTgHM2bpLdFUVWcCEdJBPUhY-l6teC0IK44yMAsZ5FL_0tUm-y1V_wsXHaq2QjROQfe-1oso3MYxp1CvxMF23wGNIhkDeNwNoSxbkzNDhD-YguJm7I6lZDj7MZV3tYrXAYvWs-6XLXCO136Q-nGzeRwOacWw0zeF4Cjk_KLaCo6FZBdkYUzo-bhHdOxXR82GgoTsz2e-MRPRsJv0y9caY1aLIiGhpc-Qvz6C66oNCL_dSah-BDSGWzs1ucyOjHKNQBUPelG8X4om5hoesa6vA-mclGFqALkxJdvNaZR3ZdTmseSGE98U0Q51RYXmLhN_TBCDdlABq2pYyvVJg?testcase_id=6218141207363584


See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 4 by ClusterFuzz, Apr 12 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Started)
ClusterFuzz testcase 6218141207363584 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Comment 5 by thestig@chromium.org, May 15 2017

Components: Internals>Plugins>PDF

Sign in to add a comment