Null-dereference READ in CFX_WideString::GetAt |
|||||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=6079322795540480 Fuzzer: libFuzzer_pdfium_xfa_fuzzer Job Type: libfuzzer_chrome_asan Platform Id: linux Crash Type: Null-dereference READ Crash Address: 0x000000000010 Crash State: CFX_WideString::GetAt CXFA_ResolveProcessor::Resolve CXFA_ResolveProcessor::ResolveExcalmatory Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=493954:493968 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6079322795540480 Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
,
Aug 14 2017
,
Aug 14 2017
,
Aug 15 2017
The following revision refers to this bug: https://pdfium.googlesource.com/pdfium/+/a0377dc31bccf0e3427bd94fab5fed17c1283098 commit a0377dc31bccf0e3427bd94fab5fed17c1283098 Author: Ryan Harrison <rharrison@chromium.org> Date: Tue Aug 15 15:14:00 2017 Add checks on length of string before accessing elements of string BUG= chromium:754982 Change-Id: I41da6828c714d3ed12fe796ae7e228d87b168962 Reviewed-on: https://pdfium-review.googlesource.com/10890 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org> [modify] https://crrev.com/a0377dc31bccf0e3427bd94fab5fed17c1283098/xfa/fxfa/parser/cxfa_resolveprocessor.cpp
,
Aug 15 2017
,
Aug 15 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/95bfae4c37d01e52694745b477e3b0103a12da59 commit 95bfae4c37d01e52694745b477e3b0103a12da59 Author: pdfium-deps-roller@chromium.org <pdfium-deps-roller@chromium.org> Date: Tue Aug 15 16:37:17 2017 Roll src/third_party/pdfium/ 73b492a5d..a0377dc31 (3 commits) https://pdfium.googlesource.com/pdfium.git/+log/73b492a5d775..a0377dc31bcc $ git log 73b492a5d..a0377dc31 --date=short --no-merges --format='%ad %ae %s' 2017-08-15 rharrison Add checks on length of string before accessing elements of string 2017-08-15 rharrison Remove GetAt from string classes 2017-08-15 dsinclair Remove default params from xfa/fde code. Created with: roll-dep src/third_party/pdfium BUG= 754982 Documentation for the AutoRoller is here: https://skia.googlesource.com/buildbot/+/master/autoroll/README.md If the roll is causing failures, see: http://www.chromium.org/developers/tree-sheriffs/sheriff-details-chromium#TOC-Failures-due-to-DEPS-rolls TBR=dsinclair@chromium.org Change-Id: Ia669e6916652f35afa5055631535ab5b546ae400 Reviewed-on: https://chromium-review.googlesource.com/615186 Reviewed-by: <pdfium-deps-roller@chromium.org> Commit-Queue: <pdfium-deps-roller@chromium.org> Cr-Commit-Position: refs/heads/master@{#494408} [modify] https://crrev.com/95bfae4c37d01e52694745b477e3b0103a12da59/DEPS
,
Aug 16 2017
ClusterFuzz has detected this issue as fixed in range 494402:494473. Detailed report: https://clusterfuzz.com/testcase?key=6079322795540480 Fuzzer: libFuzzer_pdfium_xfa_fuzzer Job Type: libfuzzer_chrome_asan Platform Id: linux Crash Type: Null-dereference READ Crash Address: 0x000000000010 Crash State: CFX_WideString::GetAt CXFA_ResolveProcessor::Resolve CXFA_ResolveProcessor::ResolveExcalmatory Sanitizer: address (ASAN) Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=493954:493968 Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=494402:494473 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6079322795540480 See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Aug 16 2017
ClusterFuzz testcase 6079322795540480 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue. |
|||||
►
Sign in to add a comment |
|||||
Comment 1 by msrchandra@chromium.org
, Aug 14 2017Labels: Test-Predator-Wrong-CLs M-62
Owner: rharrison@chromium.org
Status: Assigned (was: Untriaged)