Out-of-memory in pdf_codec_bmp_fuzzer |
|||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=4868057209241600 Fuzzer: libFuzzer_pdf_codec_bmp_fuzzer Job Type: libfuzzer_chrome_msan Platform Id: linux Crash Type: Out-of-memory (exceeds 2048 MB) Crash Address: Crash State: pdf_codec_bmp_fuzzer Sanitizer: memory (MSAN) Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=400803:400900 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4868057209241600 Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
,
Jul 4 2017
,
Jul 5 2017
,
Jul 7 2017
The following revision refers to this bug: https://pdfium.googlesource.com/pdfium/+/f6f68c75ce54a5865fb19dcb075e7734f1639663 commit f6f68c75ce54a5865fb19dcb075e7734f1639663 Author: Ryan Harrison <rharrison@chromium.org> Date: Fri Jul 07 18:22:36 2017 Check that there is enough data remaining in source BMP before reading When reading in a BMP, after processing the header, make sure that there is enough data remaining in the source before proceeding. If not signal that the BMP is improperly formatted. BUG= chromium:738635 Change-Id: I506bc0e6db7dcd4b5984fd91a1f39516320a2037 Reviewed-on: https://pdfium-review.googlesource.com/7280 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Ryan Harrison <rharrison@chromium.org> [modify] https://crrev.com/f6f68c75ce54a5865fb19dcb075e7734f1639663/core/fxge/dib/cfx_dibitmap.cpp [modify] https://crrev.com/f6f68c75ce54a5865fb19dcb075e7734f1639663/core/fxcodec/codec/fx_codec_progress.cpp [modify] https://crrev.com/f6f68c75ce54a5865fb19dcb075e7734f1639663/core/fxge/dib/cfx_dibitmap.h
,
Jul 7 2017
,
Jul 7 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/ef94bf49b4e4c6f1fc234d1b32c589f403c8cb02 commit ef94bf49b4e4c6f1fc234d1b32c589f403c8cb02 Author: pdfium-deps-roller@chromium.org <pdfium-deps-roller@chromium.org> Date: Fri Jul 07 20:29:57 2017 Roll src/third_party/pdfium/ c3d3bb2a0..f6f68c75c (1 commit) https://pdfium.googlesource.com/pdfium.git/+log/c3d3bb2a036b..f6f68c75ce54 $ git log c3d3bb2a0..f6f68c75c --date=short --no-merges --format='%ad %ae %s' 2017-07-07 rharrison Check that there is enough data remaining in source BMP before reading Created with: roll-dep src/third_party/pdfium BUG= 738635 Documentation for the AutoRoller is here: https://skia.googlesource.com/buildbot/+/master/autoroll/README.md If the roll is causing failures, see: http://www.chromium.org/developers/tree-sheriffs/sheriff-details-chromium#TOC-Failures-due-to-DEPS-rolls TBR=dsinclair@chromium.org Change-Id: Ifbb658f4beac53166e569be5eb973c9d0308c042 Reviewed-on: https://chromium-review.googlesource.com/563819 Reviewed-by: <pdfium-deps-roller@chromium.org> Commit-Queue: <pdfium-deps-roller@chromium.org> Cr-Commit-Position: refs/heads/master@{#485029} [modify] https://crrev.com/ef94bf49b4e4c6f1fc234d1b32c589f403c8cb02/DEPS |
|||
►
Sign in to add a comment |
|||
Comment 1 by msrchandra@chromium.org
, Jul 3 2017Labels: Test-Predator-Wrong
Owner: dsinclair@chromium.org
Status: Assigned (was: Untriaged)