Integer-overflow in CPDF_RenderStatus::DrawTilingPattern
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5268714420436992

Fuzzer: libFuzzer_pdfium_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address:
Crash State:
  CPDF_RenderStatus::DrawTilingPattern
  CPDF_RenderStatus::ProcessPathPattern
  CPDF_RenderStatus::ProcessPath

Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=408371:408428

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5268714420436992

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Oct 17 2017
Predator and CL could not provide any possible suspects. Based on the recent changes to the file 'cpdf_renderstatus.cpp' assigning this issue to dsinclair. @dsinclair -- Could you please look into this issue, kindly reassign if it has nothing to do with your changes. Thank You.
Oct 17 2017
Oct 23 2017
The following revision refers to this bug:
https://pdfium.googlesource.com/pdfium/+/97dab80731a15a6bd74cdc3caf11f97c3a3be5ed

commit 97dab80731a15a6bd74cdc3caf11f97c3a3be5ed
Author: Dan Sinclair <dsinclair@chromium.org>
Date: Mon Oct 23 13:25:37 2017

Validate pattern sizes before usage

This CL adds some validation into the tiling pattern drawing code.

BUG: chromium:775365
Change-Id: I7bcad7f7f2c83982cd955f92091658b46f6b820b
Reviewed-on: https://pdfium-review.googlesource.com/16190
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>

[modify] https://crrev.com/97dab80731a15a6bd74cdc3caf11f97c3a3be5ed/core/fpdfapi/render/cpdf_renderstatus.cpp
Oct 23 2017

Oct 24 2017
ClusterFuzz has detected this issue as fixed in range 510776:510787.

Detailed report: https://clusterfuzz.com/testcase?key=5268714420436992

Fuzzer: libFuzzer_pdfium_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Integer-overflow
Crash Address:
Crash State:
  CPDF_RenderStatus::DrawTilingPattern
  CPDF_RenderStatus::ProcessPathPattern
  CPDF_RenderStatus::ProcessPath

Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=408371:408428
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=510776:510787

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5268714420436992

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Oct 24 2017
ClusterFuzz testcase 5268714420436992 is verified as fixed, so closing issue as verified. If this is incorrect, please add the ClusterFuzz-Wrong label and re-open the issue.
Nov 7 2017
Comment 1 by ClusterFuzz, Oct 17 2017
Labels: Test-Predator-AutoComponents