Null-dereference WRITE in horizontalAccumulate16 |
||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=5030391504437248 Fuzzer: libFuzzer_pdf_codec_tiff_fuzzer Job Type: libfuzzer_chrome_asan Platform Id: linux Crash Type: Null-dereference WRITE Crash Address: 0x000000000000 Crash State: horizontalAccumulate16 PixarLogDecode TIFFReadEncodedTile Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=486555:486672 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5030391504437248 Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
,
Jul 18 2017
,
Jul 20 2017
This may have been caused by some recent upstream patches, filed http://bugzilla.maptools.org/show_bug.cgi?id=2721
,
Jul 26 2017
Could you provide the test case in http://bugzilla.maptools.org/show_bug.cgi?id=2721 so we can diagnose what happens ? Thanks
,
Jul 28 2017
The following revision refers to this bug: https://pdfium.googlesource.com/pdfium/+/d3c6f8119a4c6cd143c6f2f3f874705f57afaf36 commit d3c6f8119a4c6cd143c6f2f3f874705f57afaf36 Author: Nicolas Pena <npm@chromium.org> Date: Fri Jul 28 18:39:37 2017 LibTIFF: upstream patch to fix null dereference This CL applies this patch that fixes a recent null dereference regression: https://github.com/vadz/libtiff/commit/57f4b28c00d78bd5d74768585d0e46b2e12e94f7 Bug: chromium:743621 Change-Id: I0f9d4321dc6ea71dd31cf0ba8420cc25d401f0d8 Reviewed-on: https://pdfium-review.googlesource.com/9490 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org> [modify] https://crrev.com/d3c6f8119a4c6cd143c6f2f3f874705f57afaf36/third_party/libtiff/tif_getimage.c [add] https://crrev.com/d3c6f8119a4c6cd143c6f2f3f874705f57afaf36/third_party/libtiff/0026-upstream-null-dereference.patch [modify] https://crrev.com/d3c6f8119a4c6cd143c6f2f3f874705f57afaf36/third_party/libtiff/README.pdfium
,
Jul 30 2017
ClusterFuzz has detected this issue as fixed in range 490594:490630. Detailed report: https://clusterfuzz.com/testcase?key=5030391504437248 Fuzzer: libFuzzer_pdf_codec_tiff_fuzzer Job Type: libfuzzer_chrome_asan Platform Id: linux Crash Type: Null-dereference WRITE Crash Address: 0x000000000000 Crash State: horizontalAccumulate16 PixarLogDecode TIFFReadEncodedTile Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=486555:486672 Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=490594:490630 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5030391504437248 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Jul 30 2017
ClusterFuzz testcase 5030391504437248 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue. |
||||
►
Sign in to add a comment |
||||
Comment 1 by msrchandra@chromium.org
, Jul 17 2017Labels: Test-Predator-Wrong-CLs M-61
Owner: npm@chromium.org
Status: Assigned (was: Untriaged)