New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 726296 link

Starred by 1 user

Issue metadata

Status: Fixed
Owner:
Closed: May 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug



Sign in to add a comment

Abrt in default_terminate_handler

Project Member Reported by ClusterFuzz, May 25 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6114499989078016

Fuzzer: afl_pdf_cfx_barcode_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux

Crash Type: Abrt
Crash Address: 0x03e900006146
Crash State:
  default_terminate_handler
  failed_throw
  CBC_ErrorCorrection::encodeECC200
  
Sanitizer: address (ASAN)

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6114499989078016


Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
 
Cc: tsepez@chromium.org dsinclair@chromium.org msrchandra@chromium.org
Labels: Test-Predator-Wrong M-59
Owner: thestig@chromium.org
Status: Assigned (was: Untriaged)
Predator and CL did not provide any possible suspects.
Using Code Search for the file, "BC_ErrorCorrection.cpp" assigning to the concern owner who might be related to the file.

@thestig -- Could you please look into the issue, kindly re-assign if this is not related to your changes.
Thank You.
Project Member

Comment 2 by ClusterFuzz, May 25 2017

ClusterFuzz has detected this issue as fixed in range 474139:474170.

Detailed report: https://clusterfuzz.com/testcase?key=6114499989078016

Fuzzer: afl_pdf_cfx_barcode_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux

Crash Type: Abrt
Crash Address: 0x03e900006146
Crash State:
  default_terminate_handler
  failed_throw
  CBC_ErrorCorrection::encodeECC200
  
Sanitizer: address (ASAN)

Fixed: https://clusterfuzz.com/revisions?job=afl_chrome_asan&range=474139:474170

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6114499989078016


See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Labels: ClusterFuzz-Wrong
Don't know why this would be 'fixed' we should verify.
Labels: -M-59 -ClusterFuzz-Wrong
Status: Fixed (was: Assigned)
Apparently I fixed this in https://pdfium.googlesource.com/pdfium/+/a861a7b4696e0ffd4be73c63d7ed3611e461b1c1 - who knew.
The fix was marking CBC_SymbolInfo::getInterleavedBlockCount() as virtual, so CBC_DataMatrixSymbolInfo144::getInterleavedBlockCount() can properly override it. Otherwise CBC_DataMatrixSymbolInfo144 initializes |m_rsBlockData| to -1 and CBC_ErrorCorrection::encodeECC200() tries to create a std::vector with a negative size.
Components: Internals>Plugins>PDF

Sign in to add a comment