
Issue 729673


Issue metadata

Status: Fixed
Owner:
Closed: Jun 2017
Cc:
EstimatedDays: ----
NextAction: ----
OS: Linux , Mac
Pri: 1
Type: Bug

Out-of-memory in blink_png_decoder_fuzzer

Project Member Reported by ClusterFuzz, Jun 5 2017

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5465440527843328

Fuzzer: libFuzzer_blink_png_decoder_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: Out-of-memory (exceeds 2048 MB)
Crash Address:
Crash State:
  blink_png_decoder_fuzzer
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=441523:441775

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5465440527843328


Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Cc: msrchandra@chromium.org
Labels: M-60 Test-Predator-Wrong
Owner: scroggo@chromium.org
Status: Assigned (was: Untriaged)
Predator and CL did not provide any possible suspects.
Using Code Search for the file "blink_png_decoder_fuzzer", assigning to the concern owner.
Suspecting Commit#
https://chromium.googlesource.com/chromium/src/+/1cc893851ef9ad007f4fb1eaabf58870fc634e81

@scroggo -- Could you please look into the issue, kindly re-assign if this is not related to your changes.
Thank You.
The iCCP chunk has a large profile_length. This was fixed in upstream libpng in https://github.com/glennrp/libpng/commit/92a7c79db2c962d04006b35e2603ba9d5ce75541
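The shape of the check the upstream fix describes, as an added Python example that is not libpng or Chromium code: it inflates only the 4-byte ICC size field of a constructed iCCP chunk and rejects an oversized profile_length before any buffer is sized from it. The 8 MiB cap, the keyword "sample" and the two sample chunks are assumptions made for the example.

```python
import zlib

# Added example, not libpng code. An ICC profile's first 4 bytes are its big-endian
# size; an iCCP chunk holds the profile zlib-compressed after keyword, NUL, method 0.
ICC_MIN_PROFILE = 132                 # 128-byte header + 4-byte tag count
MAX_PROFILE_BYTES = 8 * 1024 * 1024   # assumed policy cap, not a PNG/ICC rule

def build_iccp_chunk_data(keyword, profile):
    """Data field of an iCCP chunk (used here to build constructed sample input)."""
    return keyword + b"\x00\x00" + zlib.compress(profile)

def check_iccp_profile_length(chunk_data, max_bytes=MAX_PROFILE_BYTES):
    """Return the declared profile length, or raise ValueError to reject it.
    Only the first 4 decompressed bytes are produced, so the decision is made
    before any buffer is sized from the attacker-controlled length field.
    """
    nul = chunk_data.find(b"\x00")
    if nul < 1 or nul > 79:
        raise ValueError("bad iCCP keyword")
    if len(chunk_data) < nul + 2 or chunk_data[nul + 1] != 0:
        raise ValueError("unsupported iCCP compression method")
    try:
        head = zlib.decompressobj().decompress(chunk_data[nul + 2:], 4)  # bounded
    except zlib.error as exc:
        raise ValueError("corrupt iCCP zlib stream: %s" % exc)
    if len(head) < 4:
        raise ValueError("profile shorter than its size field")
    profile_length = int.from_bytes(head, "big")
    if profile_length < ICC_MIN_PROFILE or profile_length % 4:
        raise ValueError("invalid profile length %d" % profile_length)
    if profile_length > max_bytes:
        raise ValueError("profile too long: %d > %d" % (profile_length, max_bytes))
    return profile_length

def iccp_is_acceptable(chunk_data, max_bytes=MAX_PROFILE_BYTES):
    """Accept/reject wrapper for callers that do not need the length."""
    try:
        return check_iccp_profile_length(chunk_data, max_bytes) > 0
    except ValueError:
        return False

def make_profile(declared_size):
    """Constructed 132-byte ICC-like blob whose size field the caller chooses."""
    return declared_size.to_bytes(4, "big") + b"\x00" * 128

SANE_CHUNK = build_iccp_chunk_data(b"sample", make_profile(132))
# Tiny on the wire but claims a ~4 GB profile: a decoder that trusts the field
# and allocates that much hits the out-of-memory condition the report shows.
HOSTILE_CHUNK = build_iccp_chunk_data(b"sample", make_profile(0xFFFFFFF0))
```

The same bounded-inflate idea applies to any chunk whose decompressed size is declared inside the compressed payload: decide on the declared size first, allocate second.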
Comment 3 by ClusterFuzz (Project Member), Jun 9 2017

Labels: OS-Mac
Status: Fixed (was: Assigned)
Cc: scroggo@chromium.org csharrison@chromium.org
Issue 737512 has been merged into this issue.
Cc: dsinclair@chromium.org
Issue 747747 has been merged into this issue.
Comment 9 by bugdroid1@chromium.org (Project Member), Aug 24 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/d12b9a5c49c08c0cc7516a860dff0f14290c0ecf

commit d12b9a5c49c08c0cc7516a860dff0f14290c0ecf
Author: pdfium-deps-roller@chromium.org <pdfium-deps-roller@chromium.org>
Date: Thu Aug 24 00:18:00 2017

Roll src/third_party/pdfium/ 0924119ca..664d4b82a (1 commit)

https://pdfium.googlesource.com/pdfium.git/+log/0924119cae45..664d4b82ac51

$ git log 0924119ca..664d4b82a --date=short --no-merges --format='%ad %ae %s'
2017-08-23 thestig Reject oversized iCCP profile length in libpng.

Created with:
  roll-dep src/third_party/pdfium
BUG= 729673 


Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, see:
http://www.chromium.org/developers/tree-sheriffs/sheriff-details-chromium#TOC-Failures-due-to-DEPS-rolls


TBR=dsinclair@chromium.org

Change-Id: I4f68cd696f5e16ccacee623f5165d691745cdc09
Reviewed-on: https://chromium-review.googlesource.com/630536
Reviewed-by: <pdfium-deps-roller@chromium.org>
Commit-Queue: <pdfium-deps-roller@chromium.org>
Cr-Commit-Position: refs/heads/master@{#496883}
[modify] https://crrev.com/d12b9a5c49c08c0cc7516a860dff0f14290c0ecf/DEPS