nullptr dereference crash in CPDF_ImageRenderer::StartRenderDIBSource()
Issue description

Chrome Version: 61.x
OS: Windows

Crash report id: b2d7ba9872d76d54

Thread 0 (id: 1952) CRASHED [EXCEPTION_ACCESS_VIOLATION_READ @ 0x00000028 ]
0x652719c9 (chrome_child.dll -cfx_dibitmap.cpp:806 ) CFX_DIBitmap::ConvertColorScale(unsigned int,unsigned int)
0x651eb057 (chrome_child.dll -cpdf_imagerenderer.cpp:109 ) CPDF_ImageRenderer::StartRenderDIBSource()
0x651ea856 (chrome_child.dll -cpdf_imagerenderer.cpp:182 ) CPDF_ImageRenderer::Start(CPDF_RenderStatus *,CPDF_PageObject *,CFX_Matrix const *,bool,int)
0x651d0f9a (chrome_child.dll -cpdf_renderstatus.cpp:1127 ) CPDF_RenderStatus::ContinueSingleObject(CPDF_PageObject *,CFX_Matrix const *,IFX_Pause *)
0x651b4f9b (chrome_child.dll -cpdf_progressiverenderer.cpp:81 ) CPDF_ProgressiveRenderer::Continue(IFX_Pause *)
0x6518e813 (chrome_child.dll -fpdfview.cpp:127 ) `anonymous namespace'::RenderPageImpl
0x6518e0a2 (chrome_child.dll -fpdfview.cpp:1199 ) FPDF_RenderPage_Retail(CPDF_PageRenderContext *,void *,int,int,int,int,int,int,bool,IFSDK_PAUSE_Adapter *)
0x651949ac (chrome_child.dll -fpdf_progressive.cpp:60 ) FPDF_RenderPageBitmap_Start

In StartRenderDIBSource(), Clone() returned a nullptr.

Oct 6 2017
The following revision refers to this bug:
https://pdfium.googlesource.com/pdfium/+/b962ecceb7a7d961fdebc1bdf314d450cc6bf204

commit b962ecceb7a7d961fdebc1bdf314d450cc6bf204
Author: Lei Zhang <thestig@chromium.org>
Date: Fri Oct 06 18:57:12 2017

Fix a crash in CPDF_ImageRenderer.

BUG=chromium:770884

Change-Id: Ia609db04b0e596649fbda087290b7da040211f14
Reviewed-on: https://pdfium-review.googlesource.com/15790
Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>

[modify] https://crrev.com/b962ecceb7a7d961fdebc1bdf314d450cc6bf204/core/fpdfapi/render/cpdf_imagerenderer.h
[modify] https://crrev.com/b962ecceb7a7d961fdebc1bdf314d450cc6bf204/core/fpdfapi/render/cpdf_imagerenderer.cpp

Oct 6 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/a1249051fd06f1b39a53519cca758b8a411415a1

commit a1249051fd06f1b39a53519cca758b8a411415a1
Author: pdfium-deps-roller@chromium.org <pdfium-deps-roller@chromium.org>
Date: Fri Oct 06 20:49:10 2017

Roll src/third_party/pdfium/ d103b9663..b962ecceb (1 commit)

https://pdfium.googlesource.com/pdfium.git/+log/d103b96635a2..b962ecceb7a7

$ git log d103b9663..b962ecceb --date=short --no-merges --format='%ad %ae %s'
2017-10-06 thestig Fix a crash in CPDF_ImageRenderer.

Created with:
roll-dep src/third_party/pdfium
BUG=770884

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, see:
http://www.chromium.org/developers/tree-sheriffs/sheriff-details-chromium#TOC-Failures-due-to-DEPS-rolls

TBR=dsinclair@chromium.org

Change-Id: I703e0e4445cfc264262ec04aa82a872299b17d67
Reviewed-on: https://chromium-review.googlesource.com/705814
Reviewed-by: <pdfium-deps-roller@chromium.org>
Commit-Queue: <pdfium-deps-roller@chromium.org>
Cr-Commit-Position: refs/heads/master@{#507172}

[modify] https://crrev.com/a1249051fd06f1b39a53519cca758b8a411415a1/DEPS

Comment 1 by thestig@chromium.org, Oct 6 2017
Status: Started (was: Untriaged)