Issue metadata
<no crash state available>
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6386650071695360
Fuzzer: anil_pdf_fuzzer
Job Type: linux_asan_pdfium
Platform Id: linux
Crash Type: UNKNOWN
Crash Address: 0x7f2e109a8851
Crash State: NULL
Sanitizer: address (ASAN)
Recommended Security Severity: Medium
Regressed: https://clusterfuzz.com/revisions?job=linux_asan_pdfium&range=457847:457887
Reproducer Testcase: https://clusterfuzz.com/download/AMIfv97sPck7P-sTMwJ_xsR0PPLVfoWt-tYdjZ3EY4wzUkKktqrzzHJTxrQPchyZl9rHMY6-fAB6GoqqjbeutRzV6ioQhuZMA7-jws__7ZVv472Zbk-6oKMXW0raIGBQl4P1aXKxmyuLBVObGf-fiO4_PhRuQTfkJIoRQ4QK-wZpMpV0qB8YPRitfs1ddPHMv7nSMulDCffY1s7nLTtH3Lwn3kEcG8iI-Lh0wYbdgwAusUUSBzTsd5SOYFAdqTXm2tQoViZuBAwm0ZjgYDeYHhPbheAkNVA8wWiwslYTB4QvWNpRY7XWOhO-raLaisdYoin6aKYWnBNfKsvE8UygKkvz30HVSkChOg5JbNe8BAHcNKEQMOBidj5Yp6JMdrrDIZAF2JUIr-NC5gWoM_f9Zr08w6n9Rw2czg?testcase_id=6386650071695360

Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Comment 1 by sheriffbot@chromium.org, Apr 17 2017
This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Apr 17 2017
Apr 18 2017
weili: https://pdfium.googlesource.com/pdfium/+log/78616574cedcb52cce8a25bd684bf9638a87de7a..7630907c7ecbb700e4de287550dbed06f36fbe9e?pretty=fuller is the only PDFium CL that landed in the range for this. There isn't a crash stack in ClusterFuzz but it's a PDF fuzzer. Do you mind investigating please?
Apr 18 2017
That looks like a V8 crash. Should we reassign?
Apr 18 2017
+cc the current v8 clusterfuzz sheriff to take a look
Apr 20 2017
Apr 25 2017
A friendly reminder that the M59 Beta launch is coming soon! Your bug is labelled as Release Block Beta. All fixes need to be merged into the release branch (3071) by tomorrow, 04/26 4:00 PM PT at the latest, in order to make it into the desktop Beta final build cut. Thank you!
Apr 25 2017
Apr 26 2017
Here are some results of my investigation:

1. This crash has nothing to do with my change.
2. The crash happened at core/fxge/dib/fx_dib_transform.cpp:35. That entire file was removed due to recent refactoring efforts, so we can no longer repro.
3. By tracing through the original crash (since there is no symbol and no repro), I suspect that the crash was caused by some unsafe computations in CFX_BilinearMatrix::Transform(), which have already been refactored to safer ones.

Since running the cf test case on the current/recent version no longer causes any problem, could we close this one?
Apr 27 2017
https://pdfium-review.googlesource.com/4495 may have fixed this, i.e. this is bug 702041.
Apr 27 2017
ClusterFuzz has detected this issue as fixed in range 467403:467472.

Detailed report: https://clusterfuzz.com/testcase?key=6386650071695360
Fuzzer: anil_pdf_fuzzer
Job Type: linux_asan_pdfium
Platform Id: linux
Crash Type: UNKNOWN
Crash Address: 0x7f2e109a8851
Crash State: NULL
Sanitizer: address (ASAN)
Recommended Security Severity: Medium
Regressed: https://clusterfuzz.com/revisions?job=linux_asan_pdfium&range=457847:457887
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_pdfium&range=467403:467472
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6386650071695360

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Apr 27 2017
Aug 4 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot