Issue metadata
Sign in to add a comment
|
Unknown exception in KERNELBASE.dll after CPDF_Parser::ParseAndAppendCrossRefSubsectionData |
||||||||||||||||||||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=5474619619540992 Fuzzer: ifratric_pdf_generic Job Type: windows_asan_chrome_no_sandbox Platform Id: windows Crash Type: Unknown exception Crash Address: 0x0053d06c Crash State: C:\windows\SYSTEM32\KERNELBASE.dll CPDF_Parser::ParseAndAppendCrossRefSubsectionData CPDF_Parser::ParseCrossRefV4 Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_no_sandbox&range=491660:491671 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5474619619540992 Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
,
Aug 6 2017
This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it. If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Aug 6 2017
,
Aug 6 2017
,
Aug 7 2017
,
Aug 7 2017
It's very likely https://pdfium-review.googlesource.com/c/9290 - will investigate.
,
Aug 11 2017
Also https://bugs.chromium.org/p/chromium/issues/detail?id=754789 A speculative revert of the patch in question may be warranted. Thanks.
,
Aug 11 2017
https://pdfium-review.googlesource.com/c/10770 is that speculative revert.
,
Aug 11 2017
And the autorevert failed, which puts it ouside the scope of security sherrifings. Lei, want to take a stab at the manual version?????
,
Aug 12 2017
Issue 754789 has been merged into this issue.
,
Aug 16 2017
,
Aug 16 2017
The following revision refers to this bug: https://pdfium.googlesource.com/pdfium/+/cd04b727f0b182f4ca39bb5b9198ba2f6389e05d commit cd04b727f0b182f4ca39bb5b9198ba2f6389e05d Author: Lei Zhang <thestig@chromium.org> Date: Wed Aug 16 18:39:43 2017 Fix potential OOM / integer overflow in CPDF_Parser. The count passed into ParseAndAppendCrossRefSubsectionData() may be invalid. BUG= chromium:752796 Change-Id: Ic7bbfd16761d1df0855e6c77e4abc68823b12395 Reviewed-on: https://pdfium-review.googlesource.com/11130 Reviewed-by: Art Snake <art-snake@yandex-team.ru> Commit-Queue: Lei Zhang <thestig@chromium.org> [modify] https://crrev.com/cd04b727f0b182f4ca39bb5b9198ba2f6389e05d/core/fpdfapi/parser/cpdf_parser.cpp
,
Aug 16 2017
,
Aug 16 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/27ec0b7c12ce7e2e231cc7955f2946fe6915d897 commit 27ec0b7c12ce7e2e231cc7955f2946fe6915d897 Author: pdfium-deps-roller@chromium.org <pdfium-deps-roller@chromium.org> Date: Wed Aug 16 20:51:01 2017 Roll src/third_party/pdfium/ ca8982977..a169364e4 (7 commits) https://pdfium.googlesource.com/pdfium.git/+log/ca89829775fe..a169364e4695 $ git log ca8982977..a169364e4 --date=short --no-merges --format='%ad %ae %s' 2017-08-16 rharrison Add parse depth limit to FormCalc parser 2017-08-16 rharrison Add in missting string length check 2017-08-16 thestig Fix potential OOM / integer overflow in CPDF_Parser. 2017-08-14 tsepez Check for possible empty object returns from NewFxDynamicObj() 2017-08-16 janeliulwq Fixed the return values of FPDFAnnot_Get{Rect|AttachmentPoints} 2017-08-16 dsinclair Remove CFWL_WidgetMgrDelegate 2017-08-15 janeliulwq Changed the return type of FPDFAnnot_Get{Rect|AttachmentPoints}() Created with: roll-dep src/third_party/pdfium BUG= 752433 , 754984 , 752796 Documentation for the AutoRoller is here: https://skia.googlesource.com/buildbot/+/master/autoroll/README.md If the roll is causing failures, see: http://www.chromium.org/developers/tree-sheriffs/sheriff-details-chromium#TOC-Failures-due-to-DEPS-rolls TBR=dsinclair@chromium.org Change-Id: I1a6f55adde2f82919d1e644a9f1ccd5c301bba29 Reviewed-on: https://chromium-review.googlesource.com/617402 Reviewed-by: <pdfium-deps-roller@chromium.org> Commit-Queue: <pdfium-deps-roller@chromium.org> Cr-Commit-Position: refs/heads/master@{#494941} [modify] https://crrev.com/27ec0b7c12ce7e2e231cc7955f2946fe6915d897/DEPS
,
Aug 17 2017
ClusterFuzz has detected this issue as fixed in range 494916:494974. Detailed report: https://clusterfuzz.com/testcase?key=5474619619540992 Fuzzer: ifratric_pdf_generic Job Type: windows_asan_chrome_no_sandbox Platform Id: windows Crash Type: Unknown exception Crash Address: 0x0053d06c Crash State: C:\windows\SYSTEM32\KERNELBASE.dll CPDF_Parser::ParseAndAppendCrossRefSubsectionData CPDF_Parser::ParseCrossRefV4 Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_no_sandbox&range=491660:491671 Fixed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_no_sandbox&range=494916:494974 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5474619619540992 See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Aug 17 2017
ClusterFuzz testcase 5474619619540992 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
,
Aug 17 2017
,
Aug 17 2017
Issue 756273 has been merged into this issue.
,
Aug 18 2017
,
Oct 5 2017
,
Nov 23 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by sheriffbot@chromium.org
, Aug 6 2017