Stack-overflow in CPDF_IndexedCS::v_Load |
|||
Issue descriptionDetailed report: https://clusterfuzz.com/testcase?key=5216706560786432 Fuzzer: ifratric_pdf_generic Job Type: linux_asan_pdfium Platform Id: linux Crash Type: Stack-overflow Crash Address: 0x7ffc6dc09fe8 Crash State: CPDF_IndexedCS::v_Load CPDF_ColorSpace::Load CPDF_DeviceNCS::v_Load Sanitizer: address (ASAN) Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5216706560786432 Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
,
Oct 17 2017
The following revision refers to this bug: https://pdfium.googlesource.com/pdfium/+/7c2daec0a5f5d5e0f442db7946e9356daa7c55b2 commit 7c2daec0a5f5d5e0f442db7946e9356daa7c55b2 Author: Henrique Nakashima <hnakashima@chromium.org> Date: Tue Oct 17 20:52:18 2017 Fix loading mutually referencing colorspaces. CPDF_DeviceNCS and CPDF_SeparationCS can load other colorspaces and their v_Load() needs to pass around a set of visited spaces to avoid stack overflows if that other colorspace references the first one. Bug: chromium:773095 Change-Id: Idae26c95a8034c3ded70f70e20ae1c414d7b29c3 Reviewed-on: https://pdfium-review.googlesource.com/16250 Reviewed-by: Ryan Harrison <rharrison@chromium.org> Commit-Queue: Henrique Nakashima <hnakashima@chromium.org> [modify] https://crrev.com/7c2daec0a5f5d5e0f442db7946e9356daa7c55b2/core/fpdfapi/page/cpdf_colorspace.cpp
,
Oct 17 2017
,
Oct 18 2017
ClusterFuzz has detected this issue as fixed in range 509492:509608. Detailed report: https://clusterfuzz.com/testcase?key=5216706560786432 Fuzzer: ifratric_pdf_generic Job Type: linux_asan_pdfium Platform Id: linux Crash Type: Stack-overflow Crash Address: 0x7ffc6dc09fe8 Crash State: CPDF_IndexedCS::v_Load CPDF_ColorSpace::Load CPDF_DeviceNCS::v_Load Sanitizer: address (ASAN) Fixed: https://clusterfuzz.com/revisions?job=linux_asan_pdfium&range=509492:509608 Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5216706560786432 See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
,
Oct 18 2017
ClusterFuzz testcase 5216706560786432 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue. |
|||
►
Sign in to add a comment |
|||
Comment 1 by pnangunoori@chromium.org
, Oct 10 2017Labels: M-62 Test-Predator-Wrong
Owner: hnakashima@chromium.org
Status: Assigned (was: Untriaged)