Heap-buffer-overflow in CFX_ClipRgn::IntersectMaskRect
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5159062150053888

Fuzzer: ifratric_acrojs
Job Type: windows_syzyasan_chrome
Platform Id: windows

Crash Type: Heap-buffer-overflow READ 1
Crash Address: 0x35f2a830
Crash State:
  CFX_ClipRgn::IntersectMaskRect
  CFX_ClipRgn::IntersectRect
  CFX_AggDeviceDriver::SetClip_PathFill

Memory Tool: SYZYASAN
Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=windows_syzyasan_chrome&range=460139:460171

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv96y5m6Y5xQPxj4K9tFPne0WGPNcNULJO8JxGCx_tmTh19Gb4JIvUhJH3v_te_4IBc7CWfyjO_FUXFwGv5ux5JU8S0uoQjxKQapa-9OfmB08L8PJMffCGaZmArhrH-WA8FbQK7PnpKOYB3MzwCWwWVJsUAcY3FZV-pKUGyh6TNeYRQ4sXIA5DGvFq6Iu_vwHKN1-qtQkLpSw0Xn6MWZxEKd8k0TV0Kbg7QEqX-tIzuHhaE2K2KB3sgnPmCuQu4Pmocy_jUr_ZkaUEeBNWQ7kwEK_Z1VauspWEKWLJId-kdcT0VG7PhOaKjuttLnKG0tA0EK5lvtXaUUhNrhAVc3_xzARNj6V-vsQj1USLhbq-Q7tlQgVKiv0uX23uqdAzJ-Rso_E4m3T_kW8vshu8QI82UPc1XQeDA?testcase_id=5159062150053888

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
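The report above only gives the crash state (a 1-byte heap read reached from CFX_ClipRgn::IntersectMaskRect via IntersectRect and SetClip_PathFill); the thread does not say what the root cause was. As an added illustration, not PDFium's code and not a statement about this bug's actual cause, the following C model shows the invariant a mask-rectangle intersection has to enforce before it indexes mask bytes: the rectangle the caller says the mask occupies must fit inside the buffer that actually backs it, because the clipped loop derives its byte offsets from that rectangle, not from the buffer's real size. The `Rect` and `Mask` types, the function names and the sample mask are all hypothetical and constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Illustrative model only; these are not PDFium's types. */
typedef struct { int left, top, right, bottom; } Rect;  /* half-open: [left,right) x [top,bottom) */
typedef struct { int width, height; const uint8_t *data; } Mask;  /* 8bpp, pitch == width */

/* Intersection of two half-open rectangles; empty results collapse to zero area. */
static Rect rect_intersect(Rect a, Rect b) {
  Rect r;
  r.left   = a.left   > b.left   ? a.left   : b.left;
  r.top    = a.top    > b.top    ? a.top    : b.top;
  r.right  = a.right  < b.right  ? a.right  : b.right;
  r.bottom = a.bottom < b.bottom ? a.bottom : b.bottom;
  if (r.right  < r.left) r.right  = r.left;
  if (r.bottom < r.top)  r.bottom = r.top;
  return r;
}

/* Largest byte offset into mask->data that the intersection loop would touch
   for this clip box / mask rect pair, or -1 if the intersection is empty.
   Computed rather than dereferenced, so an inconsistent mask_rect can be
   inspected without performing the out-of-bounds read it would cause. */
static long max_mask_offset(Rect clip_box, Rect mask_rect, const Mask *mask) {
  Rect r = rect_intersect(clip_box, mask_rect);
  if (r.right <= r.left || r.bottom <= r.top) return -1;
  return (long)(r.bottom - 1 - mask_rect.top) * mask->width + (r.right - 1 - mask_rect.left);
}

/* Count set mask pixels inside clip_box ∩ mask_rect.
   mask_rect is where the caller claims the mask sits on the page; mask is the
   real buffer. The size check is the invariant: if the claimed rectangle is
   wider or taller than the buffer, the row/column arithmetic below would index
   past the end of mask->data, so the call is refused with -1. */
static long intersect_mask_rect(Rect clip_box, Rect mask_rect, const Mask *mask) {
  if (mask_rect.right - mask_rect.left > mask->width ||
      mask_rect.bottom - mask_rect.top > mask->height)
    return -1;
  Rect r = rect_intersect(clip_box, mask_rect);
  long set = 0;
  for (int y = r.top; y < r.bottom; y++) {
    /* y >= mask_rect.top and x >= mask_rect.left hold after intersection. */
    const uint8_t *row = mask->data + (size_t)(y - mask_rect.top) * mask->width;
    for (int x = r.left; x < r.right; x++)
      if (row[x - mask_rect.left]) set++;
  }
  return set;
}

/* Constructed 4x4 sample mask: only (0,0) and (1,1) are set. */
static const uint8_t SAMPLE_MASK[16] = {
  1, 0, 0, 0,
  0, 1, 0, 0,
  0, 0, 0, 0,
  0, 0, 0, 0,
};
static const Mask kSample = { 4, 4, SAMPLE_MASK };

/* Consistent case: the mask is placed at (2,2) with its true 4x4 size and the
   clip box covers [0,4)x[0,4), so only mask pixels (0..1, 0..1) are visited. */
static long demo_consistent(void) {
  Rect clip = { 0, 0, 4, 4 }, placed = { 2, 2, 6, 6 };
  return intersect_mask_rect(clip, placed, &kSample);
}
static long demo_consistent_max_offset(void) {
  Rect clip = { 0, 0, 4, 4 }, placed = { 2, 2, 6, 6 };
  return max_mask_offset(clip, placed, &kSample);
}

/* Inconsistent case: the caller claims an 8x4 placement for a 4x4 buffer.
   With a large clip box the loop's last read would land at offset 19 of a
   16-byte buffer, which is exactly the kind of 1-byte heap read ASan reports. */
static long demo_oversized(void) {
  Rect clip = { 0, 0, 100, 100 }, placed = { 0, 0, 8, 4 };
  return intersect_mask_rect(clip, placed, &kSample);
}
static long demo_oversized_max_offset(void) {
  Rect clip = { 0, 0, 100, 100 }, placed = { 0, 0, 8, 4 };
  return max_mask_offset(clip, placed, &kSample);
}

int main(void) {
  printf("consistent rect: %ld set pixels, last offset %ld of 16 bytes\n",
         demo_consistent(), demo_consistent_max_offset());
  printf("oversized rect: result %ld, loop would reach offset %ld of 16 bytes\n",
         demo_oversized(), demo_oversized_max_offset());
  return 0;
}
```

The useful check when triaging a report like this one is the second demo: compute the offsets the clipped loop would generate from the caller-supplied rectangle and compare them with the allocation the mask actually owns, rather than trusting that the two agree.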
Apr 19 2017
Tom, this seems related to https://pdfium.googlesource.com/pdfium/+/0004f29bf6ee3c6060a272c79f14993e92e053c7 and its reverts. Can you please take a look?
Apr 20 2017
ClusterFuzz has detected this issue as fixed in range 460866:460935.

Detailed report: https://clusterfuzz.com/testcase?key=5159062150053888

Fuzzer: ifratric_acrojs
Job Type: windows_syzyasan_chrome
Platform Id: windows

Crash Type: Heap-buffer-overflow READ 1
Crash Address: 0x35f2a830
Crash State:
  CFX_ClipRgn::IntersectMaskRect
  CFX_ClipRgn::IntersectRect
  CFX_AggDeviceDriver::SetClip_PathFill

Memory Tool: SYZYASAN
Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=windows_syzyasan_chrome&range=460139:460171
Fixed: https://clusterfuzz.com/revisions?job=windows_syzyasan_chrome&range=460866:460935

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv96y5m6Y5xQPxj4K9tFPne0WGPNcNULJO8JxGCx_tmTh19Gb4JIvUhJH3v_te_4IBc7CWfyjO_FUXFwGv5ux5JU8S0uoQjxKQapa-9OfmB08L8PJMffCGaZmArhrH-WA8FbQK7PnpKOYB3MzwCWwWVJsUAcY3FZV-pKUGyh6TNeYRQ4sXIA5DGvFq6Iu_vwHKN1-qtQkLpSw0Xn6MWZxEKd8k0TV0Kbg7QEqX-tIzuHhaE2K2KB3sgnPmCuQu4Pmocy_jUr_ZkaUEeBNWQ7kwEK_Z1VauspWEKWLJId-kdcT0VG7PhOaKjuttLnKG0tA0EK5lvtXaUUhNrhAVc3_xzARNj6V-vsQj1USLhbq-Q7tlQgVKiv0uX23uqdAzJ-Rso_E4m3T_kW8vshu8QI82UPc1XQeDA?testcase_id=5159062150053888

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Apr 20 2017
ClusterFuzz testcase 5159062150053888 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Apr 20 2017
Jul 27 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Jul 28
Comment 1 by ClusterFuzz, Apr 19 2017