Stack-overflow in CXML_Parser::ParseElement
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5622057896509440

Fuzzer: ifratric_pdf_generic
Job Type: mac_asan_chrome
Platform Id: mac

Crash Type: Stack-overflow
Crash Address: 0x7fff59528ed0
Crash State:
  CXML_Parser::ParseElement

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=352857:352959

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5622057896509440

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Apr 28 2017
https://pdfium-review.googlesource.com/c/4615/
Apr 28 2017
The following revision refers to this bug: https://pdfium.googlesource.com/pdfium/+/84faa032e327ad61e38197114a164e969051b5af

commit 84faa032e327ad61e38197114a164e969051b5af
Author: Lei Zhang <thestig@chromium.org>
Date: Fri Apr 28 21:58:06 2017

Limit recursion in CXML_Parser::ParseElement().

BUG= chromium:716526
Change-Id: Idbe4624ab2193cee2931c69ed023dd2c1679d124
Reviewed-on: https://pdfium-review.googlesource.com/4615
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>

[modify] https://crrev.com/84faa032e327ad61e38197114a164e969051b5af/core/fxcrt/xml/cxml_element.cpp
[modify] https://crrev.com/84faa032e327ad61e38197114a164e969051b5af/core/fxcrt/xml/cxml_parser.h
[modify] https://crrev.com/84faa032e327ad61e38197114a164e969051b5af/core/fxcrt/xml/cxml_parser.cpp
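Added illustration of the class of fix the commit above describes; this is constructed example code, not PDFium's parser. A recursive-descent parser for a tiny XML subset (nested <tag>...</tag>, no attributes or text) carries a depth counter into ParseElement and refuses to recurse past a cap, so nesting depth chosen by the input can no longer drive the recursion until the stack is exhausted. The names Parser, ParseDocument, NestedDoc and the value of kMaxDepth are assumptions of this example.

```cpp
#include <cstddef>
#include <string>

// Constructed illustration, not PDFium's code. Without the depth check in
// ParseElement, every nesting level costs one stack frame, so a document
// nested deeply enough overflows the stack (the crash this bug reports).
constexpr size_t kMaxDepth = 1024;  // assumed cap; PDFium's own value is in cxml_parser.h

struct Parser {
  const std::string& s;
  size_t pos;

  // Parses one element starting at `pos`, recursing into child elements.
  // Returns false on malformed input or when nesting reaches kMaxDepth.
  bool ParseElement(size_t depth) {
    if (depth >= kMaxDepth) return false;  // recursion guard: fail, do not recurse
    if (pos >= s.size() || s[pos] != '<') return false;
    size_t name_end = s.find('>', pos);
    if (name_end == std::string::npos) return false;
    std::string name = s.substr(pos + 1, name_end - pos - 1);
    if (name.empty() || name[0] == '/') return false;
    pos = name_end + 1;
    while (pos < s.size()) {
      if (s.compare(pos, 2, "</") == 0) {  // closing tag must match our own name
        std::string closing = "</" + name + ">";
        if (s.compare(pos, closing.size(), closing) != 0) return false;
        pos += closing.size();
        return true;
      }
      if (!ParseElement(depth + 1)) return false;  // nested child element
    }
    return false;  // input ended before the closing tag
  }
};

// Returns true only if the whole input is a single well-formed element tree.
bool ParseDocument(const std::string& doc) {
  Parser p{doc, 0};
  return p.ParseElement(0) && p.pos == doc.size();
}

// Builds <a><a>...</a></a> nested `levels` deep, the shape a fuzzer finds.
std::string NestedDoc(size_t levels) {
  std::string open, close;
  for (size_t i = 0; i < levels; ++i) { open += "<a>"; close += "</a>"; }
  return open + close;
}
```

With the cap, a 200000-level document is rejected at depth 1024 in microseconds; with the guard line removed, the same input recurses until the stack runs out.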
Apr 28 2017
Apr 29 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/7988a5c627d0f19ab14ccddfa532db52076c6ce5

commit 7988a5c627d0f19ab14ccddfa532db52076c6ce5
Author: pdfium-deps-roller@chromium.org <pdfium-deps-roller@chromium.org>
Date: Sat Apr 29 02:21:35 2017

Roll src/third_party/pdfium/ 3b91290ba..ce8e51e6c (5 commits)

https://pdfium.googlesource.com/pdfium.git/+log/3b91290ba31e..ce8e51e6c444

$ git log 3b91290ba..ce8e51e6c --date=short --no-merges --format='%ad %ae %s'
2017-04-28 rbpotter Fix rotations
2017-04-28 thestig Clean up private methods in CBC_C40Encoder.
2017-04-28 tsepez Remove some more |new|s, part 4.
2017-04-28 thestig Limit recursion in CXML_Parser::ParseElement().
2017-04-28 thestig Disallow CPDF_FormField with deep node trees.

Created with:
  roll-dep src/third_party/pdfium

BUG= 713197 , 716526

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, see:
http://www.chromium.org/developers/tree-sheriffs/sheriff-details-chromium#TOC-Failures-due-to-DEPS-rolls

TBR=dsinclair@chromium.org

Change-Id: I81ccbaaacbb34cc9923714ca87841f2c756d6b3c
Reviewed-on: https://chromium-review.googlesource.com/490699
Reviewed-by: <pdfium-deps-roller@chromium.org>
Commit-Queue: <pdfium-deps-roller@chromium.org>
Cr-Commit-Position: refs/heads/master@{#468212}

[modify] https://crrev.com/7988a5c627d0f19ab14ccddfa532db52076c6ce5/DEPS
Apr 29 2017
ClusterFuzz has detected this issue as fixed in range 468207:468214.

Detailed report: https://clusterfuzz.com/testcase?key=5622057896509440

Fuzzer: ifratric_pdf_generic
Job Type: mac_asan_chrome
Platform Id: mac

Crash Type: Stack-overflow
Crash Address: 0x7fff59528ed0
Crash State:
  CXML_Parser::ParseElement

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=352857:352959
Fixed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=468207:468214

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5622057896509440

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 1 by shrike@chromium.org, Apr 28 2017