Abrt in CCodec_ProgressiveDecoder::GifInputRecordPositionBuf
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6306107244150784

Fuzzer: afl_pdf_codec_gif_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux
Crash Type: Abrt
Crash Address: 0x03e9000041d3
Crash State:
  CCodec_ProgressiveDecoder::GifInputRecordPositionBuf
  CCodec_ProgressiveDecoder::GifInputRecordPositionBuf
  CGifDecompressor::GetRecordPosition
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=afl_chrome_asan&range=470825:470884

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6306107244150784

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

May 11 2017
The following revision refers to this bug:
https://pdfium.googlesource.com/pdfium/+/0dc8571d1354b8c319510be625a446218449f532

commit 0dc8571d1354b8c319510be625a446218449f532
Author: Nicolas Pena <npm@chromium.org>
Date: Thu May 11 20:01:33 2017

Do not use vector data() when it is empty

Before, all pointers were being initialized to 0. After raw pointers were changed to vectors, data() was used in some cases, but now no longer returns nullptr when it is supposed to. This CL fixes that.

Bug: chromium:721417
Change-Id: Ia31b75b18dc17d7eed48538145fe5d0d59668843
Reviewed-on: https://pdfium-review.googlesource.com/5353
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>

[modify] https://crrev.com/0dc8571d1354b8c319510be625a446218449f532/core/fxcodec/codec/ccodec_gifmodule.cpp
[modify] https://crrev.com/0dc8571d1354b8c319510be625a446218449f532/core/fxcodec/lgif/cgifdecompressor.cpp
[modify] https://crrev.com/0dc8571d1354b8c319510be625a446218449f532/core/fxcodec/lgif/fx_gif.cpp

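The commit message above names the defect in one sentence: callers that had treated a null pointer as "no buffer" kept doing so after the raw pointers became std::vector members, but std::vector::data() is not required to return nullptr for an empty vector, and in common implementations a vector that was filled and then cleared still reports its retained allocation. The C++ example below is added here to illustrate that failure mode; it is not PDFium's code, and the struct and function names (PaletteState, HasPaletteViaDataPointer, HasPaletteViaEmpty, PalettePointer, MakeClearedState, MakeFilledState) are hypothetical stand-ins for the decoder state the commit touches.

```cpp
#include <cstdint>
#include <iostream>
#include <vector>

// Hypothetical decoder state (this example's own, not PDFium's). The member
// stands in for a buffer that used to be a raw pointer initialised to 0.
struct PaletteState {
  std::vector<uint8_t> global_palette;
};

// Pre-conversion style check carried over unchanged: "no palette" was
// signalled by a null pointer. With a std::vector this is unreliable, because
// data() on an empty vector is not guaranteed to be nullptr.
bool HasPaletteViaDataPointer(const PaletteState& s) {
  return s.global_palette.data() != nullptr;
}

// Corrected check: ask the container whether it actually holds elements.
bool HasPaletteViaEmpty(const PaletteState& s) {
  return !s.global_palette.empty();
}

// What a consumer expecting the old raw-pointer contract should receive:
// nullptr when there is no palette, the element pointer otherwise.
const uint8_t* PalettePointer(const PaletteState& s) {
  return s.global_palette.empty() ? nullptr : s.global_palette.data();
}

// Constructed state that exposes the disagreement: a palette allocated for
// one frame and then cleared for the next. size() is 0 but the capacity,
// and therefore data(), is normally retained by clear().
PaletteState MakeClearedState() {
  PaletteState s;
  s.global_palette.assign(768, 0);  // 256 RGB entries
  s.global_palette.clear();
  return s;
}

// Constructed state with a live palette, for contrast.
PaletteState MakeFilledState() {
  PaletteState s;
  s.global_palette.assign(768, 0x7f);
  return s;
}

// True when the pointer-based and the size-based checks give different
// answers for the same state; on libstdc++ and libc++ this is the case for
// MakeClearedState().
bool ChecksDisagree(const PaletteState& s) {
  return HasPaletteViaDataPointer(s) != HasPaletteViaEmpty(s);
}

int main() {
  const PaletteState fresh;
  const PaletteState cleared = MakeClearedState();
  const PaletteState filled = MakeFilledState();
  std::cout << "default-constructed: data()-check=" << HasPaletteViaDataPointer(fresh)
            << " empty()-check=" << HasPaletteViaEmpty(fresh) << '\n';
  std::cout << "filled then cleared: data()-check=" << HasPaletteViaDataPointer(cleared)
            << " empty()-check=" << HasPaletteViaEmpty(cleared)
            << " disagree=" << ChecksDisagree(cleared) << '\n';
  std::cout << "filled: data()-check=" << HasPaletteViaDataPointer(filled)
            << " empty()-check=" << HasPaletteViaEmpty(filled) << '\n';
  return 0;
}
```

The assertions below only pin down the corrected functions, since whether data() is null for an empty vector is implementation-defined; PalettePointer() is the shape of fix the commit describes, restoring the nullptr-means-absent contract at the boundary where raw pointers are still handed out.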
May 12 2017
ClusterFuzz has detected this issue as fixed in range 471184:471219.

Detailed report: https://clusterfuzz.com/testcase?key=6306107244150784

Fuzzer: afl_pdf_codec_gif_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux
Crash Type: Abrt
Crash Address: 0x03e9000041d3
Crash State:
  CCodec_ProgressiveDecoder::GifInputRecordPositionBuf
  CCodec_ProgressiveDecoder::GifInputRecordPositionBuf
  CGifDecompressor::GetRecordPosition
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=afl_chrome_asan&range=470825:470884
Fixed: https://clusterfuzz.com/revisions?job=afl_chrome_asan&range=471184:471219

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6306107244150784

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

May 12 2017
ClusterFuzz testcase 6306107244150784 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Comment 1 by npm@chromium.org, May 11 2017
Owner: npm@chromium.org
Status: Assigned (was: Untriaged)