Stack-overflow in CFieldTree::Node::GetFieldInternal
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5427740657582080

Fuzzer: ifratric_pdf_generic
Job Type: mac_asan_chrome
Platform Id: mac
Crash Type: Stack-overflow
Crash Address: 0x7fff5ba5dff8
Crash State: CFieldTree::Node::GetFieldInternal
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=338204:338244
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5427740657582080

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Apr 28 2017
Repros with pdfium_test.
Apr 28 2017
https://pdfium-review.googlesource.com/4612
Apr 28 2017
https://pdfium.googlesource.com/pdfium/+/7831f57f04ad3f581222b0a23eeb736601f98e96
Apr 28 2017
The following revision refers to this bug: https://pdfium.googlesource.com/pdfium/+/7831f57f04ad3f581222b0a23eeb736601f98e96

commit 7831f57f04ad3f581222b0a23eeb736601f98e96
Author: Lei Zhang <thestig@chromium.org>
Date: Fri Apr 28 19:06:30 2017

Fix stack overflow in CFieldTree::Node::GetFieldInternal().

Limit recursion depth, just like in CountFieldsInternal().

BUG= chromium:716523
Change-Id: I70c052347a1d8fb9a4dbc065a1c9af55c02818f2
Reviewed-on: https://pdfium-review.googlesource.com/4612
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>

[modify] https://crrev.com/7831f57f04ad3f581222b0a23eeb736601f98e96/core/fpdfdoc/cpdf_interform.cpp
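The fix described in the commit above, a recursion-depth limit on the field-tree walk, as an added C++ illustration (not PDFium's code): FieldNode, kMaxRecursion and the value 32 are assumptions, and the chain-shaped input is constructed here to show the bounded walk giving up instead of overflowing the stack.

```cpp
#include <cstddef>
#include <memory>
#include <string>
#include <vector>
// Minimal stand-in for a form-field tree node (an assumption, not PDFium's
// CFieldTree::Node): interior nodes group fields, leaves carry a field.
struct FieldNode {
  std::string name;
  bool is_field = false;
  std::vector<std::unique_ptr<FieldNode>> children;
};
// Assumed recursion limit; PDFium's own constant may differ.
constexpr int kMaxRecursion = 32;
// Pre-order walk for the field at position *fields_to_go. The `level` check is
// the fix pattern: past the limit the walk returns nullptr instead of recursing.
const FieldNode* GetFieldInternal(const FieldNode* node, size_t* fields_to_go, int level) {
  if (!node || level > kMaxRecursion) return nullptr;
  if (node->is_field) {
    if (*fields_to_go == 0)
      return node;
    --*fields_to_go;
  }
  for (const auto& child : node->children) {
    const FieldNode* found = GetFieldInternal(child.get(), fields_to_go, level + 1);
    if (found)
      return found;
  }
  return nullptr;
}
// Constructed input: chain root -> n1 -> ... -> n<depth>; only the deepest node
// is a field. A chain deeper than the limit is the kind of input that exhausts
// the stack when the walk is unbounded.
std::unique_ptr<FieldNode> BuildChain(int depth) {
  auto root = std::make_unique<FieldNode>();
  FieldNode* cur = root.get();
  for (int i = 1; i <= depth; ++i) {
    cur->children.push_back(std::make_unique<FieldNode>());
    cur = cur->children.back().get();
    cur->name = "n" + std::to_string(i);
  }
  cur->is_field = true;
  return root;
}
// Field name at `index` in a chain of `depth`, or "" if the bounded walk finds none.
std::string LookupInChain(int depth, size_t index) {
  auto root = BuildChain(depth);
  size_t fields_to_go = index;
  const FieldNode* f = GetFieldInternal(root.get(), &fields_to_go, 0);
  return f ? f->name : "";
}
```

A chain of std::unique_ptr nodes is also torn down recursively by its destructors, so a very deep constructed tree needs an iterative teardown before it can be used to exercise the limit safely.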
Apr 28 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/f0df9ac838182e26c1445288a6e822f8f58ab30c

commit f0df9ac838182e26c1445288a6e822f8f58ab30c
Author: pdfium-deps-roller@chromium.org <pdfium-deps-roller@chromium.org>
Date: Fri Apr 28 21:16:04 2017

Roll src/third_party/pdfium/ 66568bcd6..60cd033ad (2 commits)

https://pdfium.googlesource.com/pdfium.git/+log/66568bcd683d..60cd033adf6c

$ git log 66568bcd6..60cd033ad --date=short --no-merges --format='%ad %ae %s'
2017-04-27 thestig Remove dead dimensions code in fxbarcode.
2017-04-28 thestig Fix stack overflow in CFieldTree::Node::GetFieldInternal().

Created with:
  roll-dep src/third_party/pdfium

BUG= 716523

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, see:
http://www.chromium.org/developers/tree-sheriffs/sheriff-details-chromium#TOC-Failures-due-to-DEPS-rolls

TBR=dsinclair@chromium.org

Change-Id: I0e8b85c630a34df3178043e4a5fd729201d45858
Reviewed-on: https://chromium-review.googlesource.com/490806
Reviewed-by: <pdfium-deps-roller@chromium.org>
Commit-Queue: <pdfium-deps-roller@chromium.org>
Cr-Commit-Position: refs/heads/master@{#468126}

[modify] https://crrev.com/f0df9ac838182e26c1445288a6e822f8f58ab30c/DEPS
Apr 29 2017
ClusterFuzz has detected this issue as fixed in range 468125:468133.

Detailed report: https://clusterfuzz.com/testcase?key=5427740657582080

Fuzzer: ifratric_pdf_generic
Job Type: mac_asan_chrome
Platform Id: mac
Crash Type: Stack-overflow
Crash Address: 0x7fff5ba5dff8
Crash State: CFieldTree::Node::GetFieldInternal
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=338204:338244
Fixed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=468125:468133
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5427740657582080

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 1 by shrike@chromium.org, Apr 28 2017