Issue metadata
Sign in to add a comment
|
Crash in AddCode |
||||||||||||||||||||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=6429476824285184 Fuzzer: afl_pdf_codec_gif_fuzzer Job Type: afl_chrome_asan Platform Id: linux Crash Type: UNKNOWN WRITE Crash Address: 0x62a00002140c Crash State: AddCode CGifLZWDecoder::Decode gif_load_frame Sanitizer: address (ASAN) Recommended Security Severity: High Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6429476824285184 Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
,
May 16 2017
,
May 16 2017
,
May 16 2017
looks like issue 654173 but hard to know it's the same issue. Seems to be in the GIF decoder. npm can you have a look at determine if this can be duped into 654173?
,
May 16 2017
I'm fixing this one, please CC me in the other one because I currently don't have access to it.
,
May 17 2017
The following revision refers to this bug: https://pdfium.googlesource.com/pdfium/+/7876609b3540137663d48282ad94ba42a3749e73 commit 7876609b3540137663d48282ad94ba42a3749e73 Author: Nicolas Pena <npm@chromium.org> Date: Wed May 17 00:56:02 2017 Gif: Detect string decoding errors This CL adds some checks to make sure the DecodeString method does not go out out control: If code is equal to code_table[code].prefix, it will try to loop forever. Even if that's not the case, avoid reading a negative position from the stack. Bug: chromium:722672 Change-Id: I638f91542ba21f3a9915198fef853cc3cf94f4f1 Reviewed-on: https://pdfium-review.googlesource.com/5513 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org> [modify] https://crrev.com/7876609b3540137663d48282ad94ba42a3749e73/core/fxcodec/lgif/fx_gif.h [modify] https://crrev.com/7876609b3540137663d48282ad94ba42a3749e73/core/fxcodec/lgif/fx_gif.cpp
,
May 17 2017
ClusterFuzz has detected this issue as fixed in range 472355:472392. Detailed report: https://clusterfuzz.com/testcase?key=6429476824285184 Fuzzer: afl_pdf_codec_gif_fuzzer Job Type: afl_chrome_asan Platform Id: linux Crash Type: UNKNOWN WRITE Crash Address: 0x62a00002140c Crash State: AddCode CGifLZWDecoder::Decode gif_load_frame Sanitizer: address (ASAN) Recommended Security Severity: High Fixed: https://clusterfuzz.com/revisions?job=afl_chrome_asan&range=472355:472392 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6429476824285184 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
May 17 2017
ClusterFuzz testcase 6429476824285184 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
May 17 2017
I'm duping into the other bug which is also fixed by the CL.
,
Aug 25 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||
Comment 1 by sheriffbot@chromium.org
, May 16 2017