Stack-overflow in CXFA_FMLexer::NextToken
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6052538389626880
Fuzzer: libFuzzer_pdf_fm2js_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux
Crash Type: Stack-overflow
Crash Address: 0x7ffce95baef8
Crash State:
  CXFA_FMLexer::NextToken
  CXFA_FMParse::NextToken
  CXFA_FMParse::ParsePostExpression
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=446960:446964
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6052538389626880

Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
The following revision refers to this bug: https://pdfium.googlesource.com/pdfium/+/756023071d1c4574fcb433c4bc7f13e7b763f763

commit 756023071d1c4574fcb433c4bc7f13e7b763f763
Author: Ryan Harrison <rharrison@chromium.org>
Date: Tue Jul 18 14:48:37 2017

Correct lexer handling of FormCalc identifiers

This makes the lexer stricter on valid characters for identifiers, and conform to the grammar in the FormCalc spec. This should remove a class of inputs that ClusterFuzz is attempting that are breaking later stages of the transpile.

BUG: chromium:736234, pdfium:783, pdfium:784
Change-Id: I3987d6778a82b71d768fa751035993c0af2577ee
Reviewed-on: https://pdfium-review.googlesource.com/8010
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>

[modify] https://crrev.com/756023071d1c4574fcb433c4bc7f13e7b763f763/xfa/fxfa/fm2js/cxfa_fmlexer.cpp
[add] https://crrev.com/756023071d1c4574fcb433c4bc7f13e7b763f763/xfa/fxfa/fm2js/DEPS
[modify] https://crrev.com/756023071d1c4574fcb433c4bc7f13e7b763f763/xfa/fxfa/fm2js/cxfa_fmlexer_unittest.cpp
ClusterFuzz has detected this issue as fixed in range 487479:487553.

Detailed report: https://clusterfuzz.com/testcase?key=6052538389626880
Fuzzer: libFuzzer_pdf_fm2js_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux
Crash Type: Stack-overflow
Crash Address: 0x7ffce95baef8
Crash State:
  CXFA_FMLexer::NextToken
  CXFA_FMParse::NextToken
  CXFA_FMParse::ParsePostExpression
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=446960:446964
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=487479:487553
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6052538389626880

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 1 by msrchandra@chromium.org, Jun 23 2017
Owner: dsinclair@chromium.org
Status: Assigned (was: Untriaged)