Issue metadata
Sign in to add a comment
|
Heap-buffer-overflow in CFX_SAXReader::ParseChar |
||||||||||||||||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=5181539374858240 Fuzzer: afl_pdf_cfx_saxreader_fuzzer Job Type: afl_chrome_asan Platform Id: linux Crash Type: Heap-buffer-overflow WRITE 1 Crash Address: 0x6150000007ae Crash State: CFX_SAXReader::ParseChar CFX_SAXReader::ParseText CFX_SAXReader::ContinueParse Sanitizer: address (ASAN) Recommended Security Severity: High Reproducer Testcase: https://clusterfuzz.com/download/AMIfv945fDuoyllzkCLHcagKsv4CD50iziHIUNRtZadJScg_KE9nRI8tqi17LC63OUpoHH1TAgWq_rTxmOzMaFXYNrib-GNoSaJEDsZTMhffINDUAELTWnWvPYar-s8I5evvQjwfdTCY5wJT4qsLIlSUt1E_3E7txt7rkgFA-RakmeIA5kesYKfazXwtWrbF1CBQrBCugojRQw-lDnMNXXwU3wyODYqFwsWwkfGIus7Hgtho4vqz5i1ycbNAiSBSaBcO8tBaBOZ4rx246EA6kwk35gBuYYdvNXy2j1y_81wS2nQTSF3HQkYFUl90mwJD9Z0j3B81OHxGo8lUZ94fX0KKEMoxNKOD5dfWkfyVE98GjDQqMoSwexM?testcase_id=5181539374858240 Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
,
Apr 15 2017
,
Apr 18 2017
Hi Tom, do you mind having a look at this? Not sure if this component in PDFium is enabled in Chrome.
,
Apr 18 2017
tsepez, could you please help triage? Thank you!
,
Apr 18 2017
Doh, sheriffing collision :)
,
Apr 20 2017
,
Apr 20 2017
I would have expected https://pdfium-review.googlesource.com/4230 to have taken care of this. I will see if it still repros following that.
,
Apr 20 2017
Aha. The autoroller has been failing for some time and the above hasn't made it into chromium's DEPS yet. I think this will auto-close when that happens.
,
Apr 25 2017
ClusterFuzz has detected this issue as fixed in range 465939:466784. Detailed report: https://clusterfuzz.com/testcase?key=5181539374858240 Fuzzer: afl_pdf_cfx_saxreader_fuzzer Job Type: afl_chrome_asan Platform Id: linux Crash Type: Heap-buffer-overflow WRITE 1 Crash Address: 0x6150000007ae Crash State: CFX_SAXReader::ParseChar CFX_SAXReader::ParseText CFX_SAXReader::ContinueParse Sanitizer: address (ASAN) Recommended Security Severity: High Fixed: https://clusterfuzz.com/revisions?job=afl_chrome_asan&range=465939:466784 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5181539374858240 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Apr 25 2017
ClusterFuzz testcase 5181539374858240 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Apr 25 2017
,
Apr 28 2017
,
Apr 29 2017
Your change meets the bar and is auto-approved for M59. Please go ahead and merge the CL to branch 3071 manually. Please contact milestone owner if you have questions. Owners: amineer@(Android), cmasso@(iOS), gkihumba@(ChromeOS), Abdul Syed@(Desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
May 2 2017
,
May 2 2017
This issue has been approved for a merge. Please merge the fix to any appropriate branches as soon as possible! If all merges have been completed, please remove any remaining Merge-Approved labels from this issue. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
May 2 2017
XFA-only feature => not shipping => merge not required.
,
May 3 2017
,
Aug 1 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||
Comment 1 by sheriffbot@chromium.org
, Apr 15 2017